| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2020-0905 | Dynamics Business Central Remote Code Execution Vulnerability | Microsoft Dynamics NAV | Critical | 11-03-2020 |
Technical Information
Brief overview of the risk:
An remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on victim’s server.
Detailed Information on the risk:
To exploit the vulnerability, an authenticated attacker needs to convince the victim into connect to a malicious Dynamics Business Central client or elevate permission to system to perform the code execution.
The security update addresses the vulnerability by preventing the possibility of using a binary type that could eventually execute code on the victim’s server.
Further information on this vulnerability is available at : CVE-2020-0905
Affected Software
Microsoft Dynamics NAV 2018Microsoft Dynamics NAV 2015
Microsoft Dynamics 365 BC On Premise
Dynamics 365 Business Central 2019 Spring Update
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics NAV 2016
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2013