Unrated severityNVD Advisory· Published Apr 15, 2020· Updated Aug 4, 2024

CVE-2020-1018

Description

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.

Affected products

Microsoft/Dynamics Business Centralllm-fuzzy
Microsoft/Dynamics 365 Business Central 2019 Spring Updatev5
Range: unspecified
Microsoft/Dynamics 365 (on-premises)cpe-rescue
Range: unspecified
Microsoft/Microsoft Dynamics NAV 2015v5
Range: unspecified
Microsoft/Microsoft Dynamics NAV 2016v5
Range: unspecified
Microsoft/Microsoft Dynamics NAV 2017v5
Range: unspecified
Microsoft/Microsoft Dynamics NAV 2018v5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1018mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000