CVE-2020-1018
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
High
0.013 Low
EPSS
Percentile
85.8%
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka ‘Microsoft Dynamics Business Central/NAV Information Disclosure’.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | microsoft_dynamics_nav_2016 | unspecified | cpe:2.3:a:microsoft:microsoft_dynamics_nav_2016:unspecified:*:*:*:*:*:*:* |
| microsoft | microsoft_dynamics_nav_2017 | unspecified | cpe:2.3:a:microsoft:microsoft_dynamics_nav_2017:unspecified:*:*:*:*:*:*:* |
| microsoft | microsoft_dynamics_nav_2018 | unspecified | cpe:2.3:a:microsoft:microsoft_dynamics_nav_2018:unspecified:*:*:*:*:*:*:* |
| microsoft | microsoft_dynamics_nav_2015 | unspecified | cpe:2.3:a:microsoft:microsoft_dynamics_nav_2015:unspecified:*:*:*:*:*:*:* |
| microsoft | dynamics_365_business_central | unspecified | cpe:2.3:a:microsoft:dynamics_365_business_central:unspecified:*:*:*:*:bc_on_premise:*:* |
| microsoft | dynamics_365_business_central | unspecified | cpe:2.3:a:microsoft:dynamics_365_business_central:unspecified:*:*:*:*:business_central:*:* |
CNA Affected
[
{
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Dynamics 365 BC On Premise",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Dynamics 365 Business Central 2019 Spring Update",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
]Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
High
0.013 Low
EPSS
Percentile
85.8%