|CVE-2020-0905||Dynamics Business Central Remote Code Execution Vulnerability||Microsoft Dynamics NAV||Critical||11-03-2020|
Brief overview of the risk:
An remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on victim’s server.
Detailed Information on the risk:
To exploit the vulnerability, an authenticated attacker needs to convince the victim into connect to a malicious Dynamics Business Central client or elevate permission to system to perform the code execution.
The security update addresses the vulnerability by preventing the possibility of using a binary type that could eventually execute code on the victim’s server.
Further information on this vulnerability is available at : CVE-2020-0905
Affected SoftwareMicrosoft Dynamics NAV 2018
Microsoft Dynamics NAV 2015
Microsoft Dynamics 365 BC On Premise
Dynamics 365 Business Central 2019 Spring Update
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics NAV 2016
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2013