Search criteria
27 vulnerabilities found for dynamics_nav by microsoft
FKIE_CVE-2022-41127
Vulnerability from fkie_nvd - Published: 2022-12-13 19:15 - Updated: 2024-11-21 07:22
Severity ?
Summary
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_365_business_central | 2021 | |
| microsoft | dynamics_365_business_central | 2021 | |
| microsoft | dynamics_365_business_central | 2022 | |
| microsoft | dynamics_nav | 2016 | |
| microsoft | dynamics_nav | 2017 | |
| microsoft | dynamics_nav | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:on-premise:*:*:*",
"matchCriteriaId": "3972FED2-131E-447F-B0D7-86BFEC57F018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
"matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "F51A2D68-9B05-4565-8677-82761652876F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "BBA207FC-8ADA-4DA9-BCE5-5ABB51B1C2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "039B9A4B-EF36-4EAC-BE4A-BAEFCD1B0145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "53830264-2696-4A6C-ACFD-18FAA03B616B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "91B91E62-E8A6-40CC-8F9D-7277628CA4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Dynamics NAV y Microsoft Dynamics 365 Business Central (On Premises)."
}
],
"id": "CVE-2022-41127",
"lastModified": "2024-11-21T07:22:40.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2022-12-13T19:15:12.337",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-41066
Vulnerability from fkie_nvd - Published: 2022-11-09 22:15 - Updated: 2025-08-25 02:23
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft Business Central Information Disclosure Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4AC243-AFB8-4735-B3BA-42677448216D",
"versionEndExcluding": "14.42.49347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E97209C-6B3C-4E82-A788-239BBF042316",
"versionEndIncluding": "19.18.54872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3527F043-462D-4EE9-88EA-F3805B5A882B",
"versionEndExcluding": "20.7.48483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F801EA-68D1-42AD-B956-BF3951E7ED1E",
"versionEndExcluding": "21.1.48638",
"versionStartIncluding": "21.1.48638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Business Central Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Business Central"
}
],
"id": "CVE-2022-41066",
"lastModified": "2025-08-25T02:23:53.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-11-09T22:15:21.070",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-36946
Vulnerability from fkie_nvd - Published: 2021-08-12 18:15 - Updated: 2024-11-21 06:14
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_nav | 2017 | |
| microsoft | dynamics_nav | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
"matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "F51A2D68-9B05-4565-8677-82761652876F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "BBA207FC-8ADA-4DA9-BCE5-5ABB51B1C2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de tipo Cross-site Scripting en Microsoft Dynamics Business Central"
}
],
"id": "CVE-2021-36946",
"lastModified": "2024-11-21T06:14:21.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-08-12T18:15:10.110",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-1724
Vulnerability from fkie_nvd - Published: 2021-02-25 23:15 - Updated: 2024-11-21 05:44
Severity ?
6.1 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_nav | 2015 | |
| microsoft | dynamics_nav | 2016 | |
| microsoft | dynamics_nav | 2017 | |
| microsoft | dynamics_nav | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:on-premise:*:*:*",
"matchCriteriaId": "3972FED2-131E-447F-B0D7-86BFEC57F018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "F51A2D68-9B05-4565-8677-82761652876F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "BBA207FC-8ADA-4DA9-BCE5-5ABB51B1C2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*",
"matchCriteriaId": "1684AB88-6210-4136-9F46-7ECA54DC1745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de tipo Cross-site Scripting de Microsoft Dynamics Business Central"
}
],
"id": "CVE-2021-1724",
"lastModified": "2024-11-21T05:44:58.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 4.0,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-02-25T23:15:13.493",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1724"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-17133
Vulnerability from fkie_nvd - Published: 2020-12-10 00:15 - Updated: 2025-08-28 23:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_nav | 2015 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*",
"matchCriteriaId": "1684AB88-6210-4136-9F46-7ECA54DC1745",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Dynamics Business Central/NAV"
}
],
"id": "CVE-2020-17133",
"lastModified": "2025-08-28T23:15:40.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2020-12-10T00:15:15.450",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17133"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-1022
Vulnerability from fkie_nvd - Published: 2020-04-15 15:15 - Updated: 2024-11-21 05:09
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | - | |
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_nav | 2013 | |
| microsoft | dynamics_nav | 2015 | |
| microsoft | dynamics_nav | 2016 | |
| microsoft | dynamics_nav | 2017 | |
| microsoft | dynamics_nav | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4E68C0-D7DF-48EF-9F4A-C95AD19CA7D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "47B14437-3FF0-4611-9A34-12C3D0FEA316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
"matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "E22070F0-178B-498E-942D-A2845A89FF3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*",
"matchCriteriaId": "1684AB88-6210-4136-9F46-7ECA54DC1745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Microsoft Dynamics Business Central, tambi\u00e9n se conoce como \"Dynamics Business Central Remote Code Execution Vulnerability\"."
}
],
"id": "CVE-2020-1022",
"lastModified": "2024-11-21T05:09:34.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T15:15:20.903",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-1018
Vulnerability from fkie_nvd - Published: 2020-04-15 15:15 - Updated: 2024-11-21 05:09
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | - | |
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_nav | 2015 | |
| microsoft | dynamics_nav | 2016 | |
| microsoft | dynamics_nav | 2017 | |
| microsoft | dynamics_nav | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D4E68C0-D7DF-48EF-9F4A-C95AD19CA7D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
"matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*",
"matchCriteriaId": "1684AB88-6210-4136-9F46-7ECA54DC1745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka \u0027Microsoft Dynamics Business Central/NAV Information Disclosure\u0027."
},
{
"lang": "es",
"value": "Hay una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Microsoft Dynamics Business Central/NAV en sitio no oculta apropiadamente el valor de un campo enmascarado cuando se muestran los registros como una p\u00e1gina de gr\u00e1ficos. El atacante que explotara con \u00e9xito la vulnerabilidad podr\u00eda visualizar la informaci\u00f3n que se encuentra en un campo enmascarado. La actualizaci\u00f3n de seguridad aborda la vulnerabilidad mediante la actualizaci\u00f3n del motor de renderizado del cliente de Windows para detectar apropiadamente los campos enmascarados y renderizar el contenido como enmascarado., tambi\u00e9n se conoce como \"Microsoft Dynamics Business Central/NAV Information Disclosure\"."
}
],
"id": "CVE-2020-1018",
"lastModified": "2024-11-21T05:09:34.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T15:15:20.747",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-0905
Vulnerability from fkie_nvd - Published: 2020-03-12 16:15 - Updated: 2024-11-21 04:54
Severity ?
Summary
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | - | |
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_nav | 2013 | |
| microsoft | dynamics_nav | 2015 | |
| microsoft | dynamics_nav | 2016 | |
| microsoft | dynamics_nav | 2017 | |
| microsoft | dynamics_nav | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:-:-:*:*:*:*:*:*",
"matchCriteriaId": "F7263659-A8E0-4869-83FA-8E5253C16F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "47B14437-3FF0-4611-9A34-12C3D0FEA316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
"matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "E22070F0-178B-498E-942D-A2845A89FF3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*",
"matchCriteriaId": "1684AB88-6210-4136-9F46-7ECA54DC1745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Microsoft Dynamics Business Central, tambi\u00e9n se conoce como \"Dynamics Business Central Remote Code Execution Vulnerability\"."
}
],
"id": "CVE-2020-0905",
"lastModified": "2024-11-21T04:54:26.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-12T16:15:21.250",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-8651
Vulnerability from fkie_nvd - Published: 2018-12-12 00:29 - Updated: 2024-11-21 04:14
Severity ?
Summary
A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106077 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106077 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_nav | 2016 | |
| microsoft | dynamics_nav | 2017 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka \"Microsoft Dynamics NAV Cross Site Scripting Vulnerability.\" This affects Microsoft Dynamics NAV."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad Cross-Site Scripting (XSS) cuando Microsoft Dynamics NAV no sanea correctamente una petici\u00f3n web especialmente manipulada a un servidor Dynamics NAV afectado. Esto tambi\u00e9n se conoce como \"Microsoft Dynamics NAV Cross Site Scripting Vulnerability\". Esto afecta a Microsoft Dynamics NAV."
}
],
"id": "CVE-2018-8651",
"lastModified": "2024-11-21T04:14:10.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-12T00:29:02.013",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106077"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-41127 (GCVE-0-2022-41127)
Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-07-22 17:49
VLAI?
Summary
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Severity ?
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2016 |
Affected:
1.0 , < Build 52203
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 52203",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 30712",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 49497",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "52204",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 14.43.49498, Platform Build 14.0.49494",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 15.17.48428, Platform Build 15.0.48",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 17.17.38111, Platform Build 17.0.38061",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 16.19.35126, Platform Build 16.35120",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 20.8.49971, Platform Build 20.0.49947",
"status": "affected",
"version": "20.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 19.14.49970, Platform Build 19.0.49925",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 21.2.49990, Platform Build 21.0.49984",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 18.18.46920, Platform Build 18.0.46905",
"status": "affected",
"version": "18.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2013 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "52297",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 52203",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 30712",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2018:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 49497",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2015:*:*:*:*:*:*:*:*",
"versionEndExcluding": "52204",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:spring_update:*:*:*:*:*:*",
"versionEndExcluding": "App Build 14.43.49498, Platform Build 14.0.49494",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:release_wave_2:*:*:on-premise:*:*:*",
"versionEndExcluding": "App Build 15.17.48428, Platform Build 15.0.48",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2020:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 17.17.38111, Platform Build 17.0.38061",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2020:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 16.19.35126, Platform Build 16.35120",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 20.8.49971, Platform Build 20.0.49947",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 19.14.49970, Platform Build 19.0.49925",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 21.2.49990, Platform Build 21.0.49984",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 18.18.46920, Platform Build 18.0.46905",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2013_R2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "52297",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-12-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T17:49:27.342Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
}
],
"title": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41127",
"datePublished": "2022-12-13T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-07-22T17:49:27.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41066 (GCVE-0-2022-41066)
Vulnerability from cvelistv5 – Published: 2022-11-09 00:00 – Updated: 2025-01-02 21:31
VLAI?
Summary
Microsoft Business Central Information Disclosure Vulnerability
Severity ?
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2018 |
Affected:
1.0 , < 49345
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Business Central Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "49345",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 14.42.49347, Platform Build 14.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 21.1.48638, Platform Build 21.0.",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 20.7.48483, Platform Build 20.0.",
"status": "affected",
"version": "20.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 21.2.49990, Platform Build 21.0",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:*:*:*:*:*:*:*:*",
"versionEndExcluding": "49345",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:spring_update:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 14.42.49347, Platform Build 14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 21.1.48638, Platform Build 21.0.",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 20.7.48483, Platform Build 20.0.",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 21.2.49990, Platform Build 21.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-11-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Business Central Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:31:52.861Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Business Central Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
}
],
"title": "Microsoft Business Central Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41066",
"datePublished": "2022-11-09T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-01-02T21:31:52.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36946 (GCVE-0-2021-36946)
Vulnerability from cvelistv5 – Published: 2021-08-12 18:12 – Updated: 2024-08-04 01:09
VLAI?
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2017 |
Affected:
1.0 , < 30601
(custom)
cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:* |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:09:07.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30601",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "47562",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 14.27.47563, Platform Build 14.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 17.9.28504, Platform Build 17.0.",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 16.15.28500, Platform Build 16.0",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-10T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:54:01.481Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
}
],
"title": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-36946",
"datePublished": "2021-08-12T18:12:34",
"dateReserved": "2021-07-19T00:00:00",
"dateUpdated": "2024-08-04T01:09:07.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1724 (GCVE-0-2021-1724)
Vulnerability from cvelistv5 – Published: 2021-02-25 23:01 – Updated: 2024-08-03 16:18
VLAI?
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2018 |
Affected:
1.0 , < publication
(custom)
cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:11.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:on-premise:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T22:33:18.208Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1724"
}
],
"title": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-1724",
"datePublished": "2021-02-25T23:01:27",
"dateReserved": "2020-12-02T00:00:00",
"dateUpdated": "2024-08-03T16:18:11.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17133 (GCVE-0-2020-17133)
Vulnerability from cvelistv5 – Published: 2020-12-09 23:36 – Updated: 2025-08-28 22:23
VLAI?
Summary
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
Severity ?
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2015 |
Affected:
1.0 , < publication
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:16.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2015:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2020-12-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T22:23:47.276Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17133"
}
],
"title": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-17133",
"datePublished": "2020-12-09T23:36:51",
"dateReserved": "2020-08-04T00:00:00",
"dateUpdated": "2025-08-28T22:23:47.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1022 (GCVE-0-2020-1022)
Vulnerability from cvelistv5 – Published: 2020-04-15 15:13 – Updated: 2024-08-04 06:25
VLAI?
Summary
A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2015 |
Affected:
unspecified
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:00.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics 365 BC On Premise",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2013",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Spring Update",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:28",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Dynamics NAV 2015",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics 365 BC On Premise",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2018",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2013",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2017",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Dynamics 365 Business Central 2019 Spring Update",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1022",
"datePublished": "2020-04-15T15:13:28",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:00.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1018 (GCVE-0-2020-1018)
Vulnerability from cvelistv5 – Published: 2020-04-15 15:13 – Updated: 2024-08-04 06:24
VLAI?
Summary
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2016 |
Affected:
unspecified
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:24:59.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics 365 BC On Premise",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Spring Update",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka \u0027Microsoft Dynamics Business Central/NAV Information Disclosure\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:26",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Dynamics NAV 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2017",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2018",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2015",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics 365 BC On Premise",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Dynamics 365 Business Central 2019 Spring Update",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka \u0027Microsoft Dynamics Business Central/NAV Information Disclosure\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1018",
"datePublished": "2020-04-15T15:13:27",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:24:59.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0905 (GCVE-0-2020-0905)
Vulnerability from cvelistv5 – Published: 2020-03-12 15:48 – Updated: 2024-08-04 06:18
VLAI?
Summary
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2018 |
Affected:
unspecified
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics 365 BC On Premise",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Spring Update",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2013",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:59",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Dynamics NAV 2018",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2015",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics 365 BC On Premise",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Dynamics 365 Business Central 2019 Spring Update",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2017",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2013",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0905",
"datePublished": "2020-03-12T15:48:59",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8651 (GCVE-0-2018-8651)
Vulnerability from cvelistv5 – Published: 2018-12-12 00:00 – Updated: 2024-08-05 07:02
VLAI?
Summary
A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV |
Affected:
2016
Affected: 2017 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Dynamics NAV",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2017"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka \"Microsoft Dynamics NAV Cross Site Scripting Vulnerability.\" This affects Microsoft Dynamics NAV."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "106077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Dynamics NAV",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2017"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka \"Microsoft Dynamics NAV Cross Site Scripting Vulnerability.\" This affects Microsoft Dynamics NAV."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106077"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8651",
"datePublished": "2018-12-12T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T07:02:25.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41127 (GCVE-0-2022-41127)
Vulnerability from nvd – Published: 2022-12-13 00:00 – Updated: 2025-07-22 17:49
VLAI?
Summary
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Severity ?
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2016 |
Affected:
1.0 , < Build 52203
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 52203",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 30712",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 49497",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "52204",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 14.43.49498, Platform Build 14.0.49494",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 15.17.48428, Platform Build 15.0.48",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 17.17.38111, Platform Build 17.0.38061",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 16.19.35126, Platform Build 16.35120",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 20.8.49971, Platform Build 20.0.49947",
"status": "affected",
"version": "20.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 19.14.49970, Platform Build 19.0.49925",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 21.2.49990, Platform Build 21.0.49984",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 18.18.46920, Platform Build 18.0.46905",
"status": "affected",
"version": "18.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2013 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "52297",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 52203",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 30712",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2018:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 49497",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2015:*:*:*:*:*:*:*:*",
"versionEndExcluding": "52204",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:spring_update:*:*:*:*:*:*",
"versionEndExcluding": "App Build 14.43.49498, Platform Build 14.0.49494",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:release_wave_2:*:*:on-premise:*:*:*",
"versionEndExcluding": "App Build 15.17.48428, Platform Build 15.0.48",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2020:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 17.17.38111, Platform Build 17.0.38061",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2020:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 16.19.35126, Platform Build 16.35120",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 20.8.49971, Platform Build 20.0.49947",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 19.14.49970, Platform Build 19.0.49925",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 21.2.49990, Platform Build 21.0.49984",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 18.18.46920, Platform Build 18.0.46905",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2013_R2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "52297",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-12-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T17:49:27.342Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
}
],
"title": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41127",
"datePublished": "2022-12-13T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-07-22T17:49:27.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41066 (GCVE-0-2022-41066)
Vulnerability from nvd – Published: 2022-11-09 00:00 – Updated: 2025-01-02 21:31
VLAI?
Summary
Microsoft Business Central Information Disclosure Vulnerability
Severity ?
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2018 |
Affected:
1.0 , < 49345
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Business Central Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "49345",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 14.42.49347, Platform Build 14.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 21.1.48638, Platform Build 21.0.",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 20.7.48483, Platform Build 20.0.",
"status": "affected",
"version": "20.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 21.2.49990, Platform Build 21.0",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:*:*:*:*:*:*:*:*",
"versionEndExcluding": "49345",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:spring_update:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 14.42.49347, Platform Build 14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 21.1.48638, Platform Build 21.0.",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 20.7.48483, Platform Build 20.0.",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 21.2.49990, Platform Build 21.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-11-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Business Central Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:31:52.861Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Business Central Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
}
],
"title": "Microsoft Business Central Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41066",
"datePublished": "2022-11-09T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-01-02T21:31:52.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36946 (GCVE-0-2021-36946)
Vulnerability from nvd – Published: 2021-08-12 18:12 – Updated: 2024-08-04 01:09
VLAI?
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2017 |
Affected:
1.0 , < 30601
(custom)
cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:* |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:09:07.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30601",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "47562",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 14.27.47563, Platform Build 14.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 17.9.28504, Platform Build 17.0.",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 16.15.28500, Platform Build 16.0",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-10T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:54:01.481Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
}
],
"title": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-36946",
"datePublished": "2021-08-12T18:12:34",
"dateReserved": "2021-07-19T00:00:00",
"dateUpdated": "2024-08-04T01:09:07.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1724 (GCVE-0-2021-1724)
Vulnerability from nvd – Published: 2021-02-25 23:01 – Updated: 2024-08-03 16:18
VLAI?
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2018 |
Affected:
1.0 , < publication
(custom)
cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:11.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1724"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:on-premise:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T22:33:18.208Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1724"
}
],
"title": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-1724",
"datePublished": "2021-02-25T23:01:27",
"dateReserved": "2020-12-02T00:00:00",
"dateUpdated": "2024-08-03T16:18:11.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17133 (GCVE-0-2020-17133)
Vulnerability from nvd – Published: 2020-12-09 23:36 – Updated: 2025-08-28 22:23
VLAI?
Summary
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
Severity ?
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2015 |
Affected:
1.0 , < publication
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:53:16.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2015:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2020-12-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T22:23:47.276Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17133"
}
],
"title": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-17133",
"datePublished": "2020-12-09T23:36:51",
"dateReserved": "2020-08-04T00:00:00",
"dateUpdated": "2025-08-28T22:23:47.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1022 (GCVE-0-2020-1022)
Vulnerability from nvd – Published: 2020-04-15 15:13 – Updated: 2024-08-04 06:25
VLAI?
Summary
A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2015 |
Affected:
unspecified
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:00.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics 365 BC On Premise",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2013",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Spring Update",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:28",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Dynamics NAV 2015",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics 365 BC On Premise",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2018",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2013",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2017",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Dynamics 365 Business Central 2019 Spring Update",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1022",
"datePublished": "2020-04-15T15:13:28",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:00.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1018 (GCVE-0-2020-1018)
Vulnerability from nvd – Published: 2020-04-15 15:13 – Updated: 2024-08-04 06:24
VLAI?
Summary
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2016 |
Affected:
unspecified
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:24:59.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics 365 BC On Premise",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Spring Update",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka \u0027Microsoft Dynamics Business Central/NAV Information Disclosure\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:26",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Dynamics NAV 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2017",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2018",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2015",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics 365 BC On Premise",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Dynamics 365 Business Central 2019 Spring Update",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka \u0027Microsoft Dynamics Business Central/NAV Information Disclosure\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1018",
"datePublished": "2020-04-15T15:13:27",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:24:59.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0905 (GCVE-0-2020-0905)
Vulnerability from nvd – Published: 2020-03-12 15:48 – Updated: 2024-08-04 06:18
VLAI?
Summary
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2018 |
Affected:
unspecified
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics 365 BC On Premise",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Spring Update",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2013",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-12T15:48:59",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Dynamics NAV 2018",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2015",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics 365 BC On Premise",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Dynamics 365 Business Central 2019 Spring Update",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2016",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2017",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Dynamics NAV 2013",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0905",
"datePublished": "2020-03-12T15:48:59",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8651 (GCVE-0-2018-8651)
Vulnerability from nvd – Published: 2018-12-12 00:00 – Updated: 2024-08-05 07:02
VLAI?
Summary
A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV |
Affected:
2016
Affected: 2017 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Dynamics NAV",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2017"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka \"Microsoft Dynamics NAV Cross Site Scripting Vulnerability.\" This affects Microsoft Dynamics NAV."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T10:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "106077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Dynamics NAV",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2017"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka \"Microsoft Dynamics NAV Cross Site Scripting Vulnerability.\" This affects Microsoft Dynamics NAV."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106077"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8651"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-8651",
"datePublished": "2018-12-12T00:00:00",
"dateReserved": "2018-03-14T00:00:00",
"dateUpdated": "2024-08-05T07:02:25.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}