Skip to main content

Dynamics 365 Business Central CVE-2020-1018

HIGH
Information Exposure (CWE-200)
2020-04-15 secure@microsoft.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 15, 2020 - 15:15 nvd
HIGH 7.5

DescriptionNVD

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.

AnalysisAI

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'. Affected products include: Microsoft Dynamics 365 Business Central, Microsoft Dynamics Nav.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2024-38225 CRITICAL
9.8 Sep 10

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this v

CVE-2024-43460 HIGH
8.8 Sep 17

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacke

CVE-2024-35249 HIGH
8.8 Jun 11

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulner

CVE-2022-41127 HIGH
8.5 Dec 13

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability. Ra

CVE-2024-21380 HIGH
8.0 Feb 13

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability. Rated high severity (CVSS 8.0), this vulne

CVE-2021-34474 HIGH
8.0 Jul 14

Dynamics Business Central Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is rem

CVE-2020-1022 HIGH
8.0 Apr 15

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remo

CVE-2020-0905 HIGH
8.0 Mar 12

An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Rem

CVE-2024-35248 HIGH
7.3 Jun 11

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulne

CVE-2023-38167 HIGH
7.2 Aug 08

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulne

CVE-2021-1724 MEDIUM
6.1 Feb 25

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerabi

CVE-2021-40440 MEDIUM
5.4 Sep 15

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerabi

Share

CVE-2020-1018 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy