CVE-2020-1018

HIGH

Microsoft Dynamics Business Central/NAV - Info Disclosure

Title source: llm

Description

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018

Scores

CVSS v3 7.5

EPSS 0.0616

EPSS Percentile 92.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (6)

microsoft/dynamics_365_business_central

microsoft/dynamics_365_business_central 2019 spring_update

microsoft/dynamics_nav 2015

microsoft/dynamics_nav 2016

microsoft/dynamics_nav 2017

microsoft/dynamics_nav 2018

Published Apr 15, 2020

Tracked Since Feb 18, 2026