<< Back
CVE Number Vulnerability Product Severity Date
CVE-2020-0905 Dynamics Business Central Remote Code Execution Vulnerability Microsoft Dynamics NAV Critical 11-03-2020

Technical Information

Brief overview of the risk:

An remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on victim’s server.


Detailed Information on the risk:
To exploit the vulnerability, an authenticated attacker needs to convince the victim into connect to a malicious Dynamics Business Central client or elevate permission to system to perform the code execution.
The security update addresses the vulnerability by preventing the possibility of using a binary type that could eventually execute code on the victim’s server.

Further information on this vulnerability is available at : CVE-2020-0905

Affected Software

Microsoft Dynamics NAV 2018
Microsoft Dynamics NAV 2015
Microsoft Dynamics 365 BC On Premise
Dynamics 365 Business Central 2019 Spring Update
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics NAV 2016
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2013