CVE-2020-1018

CWE-200Information Exposure5 documents5 sources
Severity
7.5HIGH
EPSS
3.9%
top 11.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Microsoft Dynamics 365 Business Central 2019 Spring UpdateMicrosoft Microsoft Dynamics 365 BC ON PremiseMicrosoft Microsoft Dynamics NAV 2015+5 more
Timeline
PublishedApr 15
Latest updateMay 24

Description

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Bu

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

NVDmicrosoft/dynamics_nav4 versions+3

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-4hf4-8q97-rmrh: An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked fi2022-05-24
CVEList
CVE-2020-1018: An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked fi2020-04-15

📋Vendor Advisories

1
Microsoft
Microsoft Dynamics Business Central/NAV Information Disclosure2020-04-14

🕵️Threat Intelligence

1
Talos
Vulnerability Spotlight: Denial-of-service vulnerability in GStreamer2020-03-23
CVE-2020-1018 (HIGH CVSS 7.5) | An information disclosure vulnerabi | cvebase.io