Microsoft Dynamics Business Central/NAV CVE-2020-1018 Information Disclosure Vulnerability

description-logoDescription

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page. The attacker who successfully exploited the vulnerability could see the information that are in a masked field. The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked.

affected-products-logoAffected Applications

Microsoft Dynamics 365 BC On Premise
Dynamics 365 Business Central 2019 Spring Update
Microsoft Dynamics NAV 2015
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2016
Microsoft Dynamics NAV 2018

CVE References

CVE-2020-1018