cvelistv5 - CVE-2020-1022

CVE-2020-1022 (GCVE-0-2020-1022)

Vulnerability from cvelistv5 – Published: 2020-04-15 15:13 – Updated: 2024-08-04 06:25

Summary

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

Severity ?

No CVSS data available.

CWE

Remote Code Execution

Assigner

microsoft

References

URL

Tags

https://portal.msrc.microsoft.com/en-US/security-…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Microsoft

Microsoft Dynamics NAV 2015

Affected: unspecified

Microsoft	Microsoft Dynamics 365 BC On Premise	Affected: unspecified
Microsoft	Microsoft Dynamics NAV 2018	Affected: unspecified
Microsoft	Microsoft Dynamics NAV 2013	Affected: unspecified
Microsoft	Microsoft Dynamics NAV 2016	Affected: unspecified
Microsoft	Microsoft Dynamics NAV 2017	Affected: unspecified
Microsoft	Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)	Affected: unspecified
Microsoft	Dynamics 365 Business Central 2019 Spring Update	Affected: unspecified

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:25:00.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Dynamics NAV 2015",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics 365 BC On Premise",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics NAV 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics NAV 2013",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics NAV 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics NAV 2017",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Dynamics 365 Business Central 2019 Spring Update",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T15:13:28",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1022",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Dynamics NAV 2015",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics 365 BC On Premise",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics NAV 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics NAV 2013",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics NAV 2016",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics NAV 2017",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Dynamics 365 Business Central 2019 Spring Update",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1022",
    "datePublished": "2020-04-15T15:13:28",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:25:00.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:dynamics_365_business_central:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D4E68C0-D7DF-48EF-9F4A-C95AD19CA7D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"47B14437-3FF0-4611-9A34-12C3D0FEA316\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*\", \"matchCriteriaId\": \"344834A1-6BC8-41F1-A225-6051FAE857A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:dynamics_nav:2013:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E22070F0-178B-498E-942D-A2845A89FF3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1684AB88-6210-4136-9F46-7ECA54DC1745\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C8981A2-51D0-4FCC-8326-F807E2CC0D53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C147B08-82DF-4051-ACA4-B1ACEDB15FC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA8EA7FF-BEE3-47A5-B711-83191CBFCE40\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027.\"}, {\"lang\": \"es\", \"value\": \"Hay una vulnerabilidad de ejecuci\\u00f3n de c\\u00f3digo remota en Microsoft Dynamics Business Central, tambi\\u00e9n se conoce como \\\"Dynamics Business Central Remote Code Execution Vulnerability\\\".\"}]",
      "id": "CVE-2020-1022",
      "lastModified": "2024-11-21T05:09:34.707",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.8, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-04-15T15:15:20.903",
      "references": "[{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1022\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2020-04-15T15:15:20.903\",\"lastModified\":\"2024-11-21T05:09:34.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Hay una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Microsoft Dynamics Business Central, tambi\u00e9n se conoce como \\\"Dynamics Business Central Remote Code Execution Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4E68C0-D7DF-48EF-9F4A-C95AD19CA7D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"47B14437-3FF0-4611-9A34-12C3D0FEA316\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*\",\"matchCriteriaId\":\"344834A1-6BC8-41F1-A225-6051FAE857A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2013:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E22070F0-178B-498E-942D-A2845A89FF3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1684AB88-6210-4136-9F46-7ECA54DC1745\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C8981A2-51D0-4FCC-8326-F807E2CC0D53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C147B08-82DF-4051-ACA4-B1ACEDB15FC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA8EA7FF-BEE3-47A5-B711-83191CBFCE40\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-225

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, une élévation de privilèges, une atteinte à la confidentialité des données, un contournement de la fonctionnalité de sécurité et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Dynamics NAV 2018
Microsoft	N/A	ChakraCore
Microsoft	N/A	Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft	N/A	Microsoft Research JavaScript Cryptography Library V1.4
Microsoft	N/A	Microsoft Visio 2010 Service Pack 2 (éditions 64 bits)
Microsoft	N/A	Microsoft Visio 2013 Service Pack 1 (éditions 32 bits)
Microsoft	N/A	Microsoft Dynamics NAV 2017
Microsoft	N/A	Microsoft Dynamics NAV 2015
Microsoft	N/A	Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft	N/A	Microsoft System Center 2012 R2 Endpoint Protection
Microsoft	N/A	Microsoft Dynamics NAV 2013
Microsoft	N/A	Dynamics 365 Server, version 9.0 (on-premises)
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft	N/A	Microsoft System Center Endpoint Protection
Microsoft	N/A	Microsoft Visio 2016 (édition 64 bits)
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.0
Microsoft	N/A	Microsoft Security Essentials
Microsoft	N/A	Microsoft RMS Sharing pour Mac
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft	N/A	Microsoft Visio 2016 (édition 32 bits)
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Dynamics 365 BC On Premise
Microsoft	N/A	Microsoft Dynamics NAV 2016
Microsoft	N/A	Microsoft AutoUpdate pour Mac
Microsoft	N/A	Microsoft Your Phone Companion App pour Android
Microsoft	N/A	Microsoft Visio 2010 Service Pack 2 (éditions 32 bits)
Microsoft	N/A	Microsoft Visio 2013 Service Pack 1 (éditions 64 bits)
Microsoft	N/A	Microsoft Remote Desktop pour Mac
Microsoft	N/A	Microsoft Forefront Endpoint Protection 2010
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.5
Microsoft	N/A	Dynamics 365 Business Central 2019 Spring Update
Microsoft	N/A	Microsoft System Center 2012 Endpoint Protection

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 avril 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Dynamics NAV 2018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Research JavaScript Cryptography Library V1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2015",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Business Productivity Servers 2010 Service Pack 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center 2012 R2 Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Server, version 9.0 (on-premises)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Security Essentials",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft RMS Sharing pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 BC On Premise",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft AutoUpdate pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Your Phone Companion App pour Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Remote Desktop pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Endpoint Protection 2010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central 2019 Spring Update",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center 2012 Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0899"
    },
    {
      "name": "CVE-2020-0984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0984"
    },
    {
      "name": "CVE-2020-0931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0931"
    },
    {
      "name": "CVE-2020-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0760"
    },
    {
      "name": "CVE-2020-1026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1026"
    },
    {
      "name": "CVE-2020-1018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1018"
    },
    {
      "name": "CVE-2020-0969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0969"
    },
    {
      "name": "CVE-2020-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1002"
    },
    {
      "name": "CVE-2020-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1019"
    },
    {
      "name": "CVE-2020-1022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1022"
    },
    {
      "name": "CVE-2020-1049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1049"
    },
    {
      "name": "CVE-2020-1050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1050"
    },
    {
      "name": "CVE-2020-0919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0919"
    },
    {
      "name": "CVE-2020-0970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0970"
    },
    {
      "name": "CVE-2020-0900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0900"
    },
    {
      "name": "CVE-2020-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0943"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-225",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation\nde privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une usurpation\nd\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 avril 2020",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2020-AVI-225

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Dynamics NAV 2018
Microsoft	N/A	ChakraCore
Microsoft	N/A	Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft	N/A	Microsoft Research JavaScript Cryptography Library V1.4
Microsoft	N/A	Microsoft Visio 2010 Service Pack 2 (éditions 64 bits)
Microsoft	N/A	Microsoft Visio 2013 Service Pack 1 (éditions 32 bits)
Microsoft	N/A	Microsoft Dynamics NAV 2017
Microsoft	N/A	Microsoft Dynamics NAV 2015
Microsoft	N/A	Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft	N/A	Microsoft System Center 2012 R2 Endpoint Protection
Microsoft	N/A	Microsoft Dynamics NAV 2013
Microsoft	N/A	Dynamics 365 Server, version 9.0 (on-premises)
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft	N/A	Microsoft System Center Endpoint Protection
Microsoft	N/A	Microsoft Visio 2016 (édition 64 bits)
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.0
Microsoft	N/A	Microsoft Security Essentials
Microsoft	N/A	Microsoft RMS Sharing pour Mac
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft	N/A	Microsoft Visio 2016 (édition 32 bits)
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Dynamics 365 BC On Premise
Microsoft	N/A	Microsoft Dynamics NAV 2016
Microsoft	N/A	Microsoft AutoUpdate pour Mac
Microsoft	N/A	Microsoft Your Phone Companion App pour Android
Microsoft	N/A	Microsoft Visio 2010 Service Pack 2 (éditions 32 bits)
Microsoft	N/A	Microsoft Visio 2013 Service Pack 1 (éditions 64 bits)
Microsoft	N/A	Microsoft Remote Desktop pour Mac
Microsoft	N/A	Microsoft Forefront Endpoint Protection 2010
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.5
Microsoft	N/A	Dynamics 365 Business Central 2019 Spring Update
Microsoft	N/A	Microsoft System Center 2012 Endpoint Protection

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 avril 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Dynamics NAV 2018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Research JavaScript Cryptography Library V1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2015",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Business Productivity Servers 2010 Service Pack 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center 2012 R2 Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Server, version 9.0 (on-premises)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Security Essentials",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft RMS Sharing pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 BC On Premise",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft AutoUpdate pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Your Phone Companion App pour Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visio 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Remote Desktop pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Forefront Endpoint Protection 2010",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central 2019 Spring Update",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft System Center 2012 Endpoint Protection",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0899"
    },
    {
      "name": "CVE-2020-0984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0984"
    },
    {
      "name": "CVE-2020-0931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0931"
    },
    {
      "name": "CVE-2020-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0760"
    },
    {
      "name": "CVE-2020-1026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1026"
    },
    {
      "name": "CVE-2020-1018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1018"
    },
    {
      "name": "CVE-2020-0969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0969"
    },
    {
      "name": "CVE-2020-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1002"
    },
    {
      "name": "CVE-2020-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1019"
    },
    {
      "name": "CVE-2020-1022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1022"
    },
    {
      "name": "CVE-2020-1049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1049"
    },
    {
      "name": "CVE-2020-1050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1050"
    },
    {
      "name": "CVE-2020-0919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0919"
    },
    {
      "name": "CVE-2020-0970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0970"
    },
    {
      "name": "CVE-2020-0900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0900"
    },
    {
      "name": "CVE-2020-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0943"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-225",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation\nde privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une usurpation\nd\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 avril 2020",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GHSA-RQ3C-GXFR-P3C8

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14

Details

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-1022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027.",
  "id": "GHSA-rq3c-gxfr-p3c8",
  "modified": "2022-05-24T17:14:37Z",
  "published": "2022-05-24T17:14:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1022"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2020-1022

Vulnerability from fkie_nvd - Published: 2020-04-15 15:15 - Updated: 2024-11-21 05:09

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

References

	URL	Tags
	secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	dynamics_365_business_central	-
microsoft	dynamics_365_business_central	2019
microsoft	dynamics_365_business_central	2019
microsoft	dynamics_nav	2013
microsoft	dynamics_nav	2015
microsoft	dynamics_nav	2016
microsoft	dynamics_nav	2017
microsoft	dynamics_nav	2018

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4E68C0-D7DF-48EF-9F4A-C95AD19CA7D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:*:*:*:*",
              "matchCriteriaId": "47B14437-3FF0-4611-9A34-12C3D0FEA316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
              "matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2013:*:*:*:*:*:*:*",
              "matchCriteriaId": "E22070F0-178B-498E-942D-A2845A89FF3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*",
              "matchCriteriaId": "1684AB88-6210-4136-9F46-7ECA54DC1745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
    },
    {
      "lang": "es",
      "value": "Hay una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Microsoft Dynamics Business Central, tambi\u00e9n se conoce como \"Dynamics Business Central Remote Code Execution Vulnerability\"."
    }
  ],
  "id": "CVE-2020-1022",
  "lastModified": "2024-11-21T05:09:34.707",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-15T15:15:20.903",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2020-1022

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

Aliases

CVE-2020-1022

Aliases

CVE-2020-1022

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-1022",
    "description": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027.",
    "id": "GSD-2020-1022"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-1022"
      ],
      "details": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027.",
      "id": "GSD-2020-1022",
      "modified": "2023-12-13T01:21:58.847049Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2020-1022",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Dynamics NAV 2015",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 BC On Premise",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2018",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2013",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2016",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2017",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Dynamics 365 Business Central 2019 Spring Update",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2013:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1022"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2020-04-15T15:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-1022 (GCVE-0-2020-1022)

CERTFR-2020-AVI-225

Solution

CERTFR-2020-AVI-225

Solution

GHSA-RQ3C-GXFR-P3C8

FKIE_CVE-2020-1022

GSD-2020-1022

Tags

Sightings

Nomenclature