cvelistv5 - CVE-2020-0905

CVE-2020-0905 (GCVE-0-2020-0905)

Vulnerability from cvelistv5

Published

2020-03-12 15:48

Modified

2024-08-04 06:18

Severity ?

CWE

Remote Code Execution

Summary

An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

References

URL

Tags

	secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905	Patch, Vendor Advisory

Impacted products

Vendor

Product

Version

Microsoft

Microsoft Dynamics NAV 2018

Version: unspecified

Microsoft	Microsoft Dynamics NAV 2015	Version: unspecified
Microsoft	Microsoft Dynamics 365 BC On Premise	Version: unspecified
Microsoft	Dynamics 365 Business Central 2019 Spring Update	Version: unspecified
Microsoft	Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)	Version: unspecified
Microsoft	Microsoft Dynamics NAV 2016	Version: unspecified
Microsoft	Microsoft Dynamics NAV 2017	Version: unspecified
Microsoft	Microsoft Dynamics NAV 2013	Version: unspecified

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:18:03.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Dynamics NAV 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics NAV 2015",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics 365 BC On Premise",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Dynamics 365 Business Central 2019 Spring Update",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics NAV 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics NAV 2017",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics NAV 2013",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-12T15:48:59",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0905",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Dynamics NAV 2018",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics NAV 2015",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics 365 BC On Premise",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Dynamics 365 Business Central 2019 Spring Update",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics NAV 2016",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics NAV 2017",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics NAV 2013",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-0905",
    "datePublished": "2020-03-12T15:48:59",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:18:03.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-0905\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2020-03-12T16:15:21.250\",\"lastModified\":\"2024-11-21T04:54:26.167\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Microsoft Dynamics Business Central, tambi\u00e9n se conoce como \\\"Dynamics Business Central Remote Code Execution Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:-:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7263659-A8E0-4869-83FA-8E5253C16F9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"47B14437-3FF0-4611-9A34-12C3D0FEA316\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*\",\"matchCriteriaId\":\"344834A1-6BC8-41F1-A225-6051FAE857A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2013:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E22070F0-178B-498E-942D-A2845A89FF3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1684AB88-6210-4136-9F46-7ECA54DC1745\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C8981A2-51D0-4FCC-8326-F807E2CC0D53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C147B08-82DF-4051-ACA4-B1ACEDB15FC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA8EA7FF-BEE3-47A5-B711-83191CBFCE40\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

gsd-2020-0905

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

Aliases

CVE-2020-0905

Aliases

CVE-2020-0905

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-0905",
    "description": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027.",
    "id": "GSD-2020-0905"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-0905"
      ],
      "details": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027.",
      "id": "GSD-2020-0905",
      "modified": "2023-12-13T01:21:44.113994Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2020-0905",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Dynamics NAV 2018",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2015",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 BC On Premise",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Dynamics 365 Business Central 2019 Spring Update",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2016",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2017",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2013",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:-:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2013:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0905"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-03-17T15:14Z",
      "publishedDate": "2020-03-12T16:15Z"
    }
  }
}

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance, une usurpation d'identité et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Dynamics NAV 2018
Microsoft	N/A	Service Fabric
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 4
Microsoft	N/A	ChakraCore
Microsoft	N/A	Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft	N/A	Team Foundation Server 2018 Update 3.2
Microsoft	Azure	Azure DevOps Server 2019.0.1
Microsoft	Azure	Azure DevOps Server 2019 Update 1
Microsoft	N/A	Microsoft Dynamics NAV 2017
Microsoft	N/A	Microsoft Dynamics NAV 2015
Microsoft	N/A	Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft	N/A	Microsoft Dynamics NAV 2013
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 3
Microsoft	N/A	Team Foundation Server 2017 Update 3.1
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.0
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 14
Microsoft	N/A	Microsoft Dynamics 365 BC On Premise
Microsoft	N/A	Microsoft Dynamics NAV 2016
Microsoft	N/A	Team Foundation Server 2018 Update 1.2
Microsoft	N/A	Remote Desktop Connection Manager 2.7
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 15
Microsoft	Azure	Azure DevOps Server 2019 Update 1.1
Microsoft	N/A	Application Inspector
Microsoft	N/A	Dynamics 365 Business Central 2019 Spring Update

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 10 mars 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Dynamics NAV 2018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Service Fabric",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure DevOps Server 2019.0.1",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure DevOps Server 2019 Update 1",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2015",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Business Productivity Servers 2010 Service Pack 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2013",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2017 Update 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 BC On Premise",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics NAV 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Remote Desktop Connection Manager 2.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure DevOps Server 2019 Update 1.1",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Application Inspector",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central 2019 Spring Update",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0765"
    },
    {
      "name": "CVE-2020-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0789"
    },
    {
      "name": "CVE-2020-0758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0758"
    },
    {
      "name": "CVE-2020-0826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0826"
    },
    {
      "name": "CVE-2020-0903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0903"
    },
    {
      "name": "CVE-2020-0902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0902"
    },
    {
      "name": "CVE-2020-0700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0700"
    },
    {
      "name": "CVE-2020-0872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0872"
    },
    {
      "name": "CVE-2020-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0830"
    },
    {
      "name": "CVE-2020-0884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0884"
    },
    {
      "name": "CVE-2020-0812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0812"
    },
    {
      "name": "CVE-2020-0828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0828"
    },
    {
      "name": "CVE-2020-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0831"
    },
    {
      "name": "CVE-2020-0827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0827"
    },
    {
      "name": "CVE-2020-0848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0848"
    },
    {
      "name": "CVE-2020-0811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0811"
    },
    {
      "name": "CVE-2020-0829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0829"
    },
    {
      "name": "CVE-2020-0768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0768"
    },
    {
      "name": "CVE-2020-0825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0825"
    },
    {
      "name": "CVE-2020-0905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0905"
    },
    {
      "name": "CVE-2020-0823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0823"
    },
    {
      "name": "CVE-2020-0813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0813"
    },
    {
      "name": "CVE-2020-0810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0810"
    },
    {
      "name": "CVE-2020-0795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0795"
    },
    {
      "name": "CVE-2020-0815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0815"
    },
    {
      "name": "CVE-2020-0793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0793"
    }
  ],
  "initial_release_date": "2020-03-11T00:00:00",
  "last_revision_date": "2020-03-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-137",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 mars 2020",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

cnvd-2020-17180

Vulnerability from cnvd

Title

Microsoft Dynamics Business Central远程代码执行漏洞

Description

Microsoft Dynamics Business Central是美国微软（Microsoft）公司的一套企业资源计划系统。该系统包括财务管理、项目管理和供应链管理等功能。 Microsoft Dynamics Business Central中存在远程代码执行漏洞。攻击者可利用该漏洞在用户系统上执行任意的shell命令。

Severity

高

Patch Name

Microsoft Dynamics Business Central远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-0905

Impacted products

Name
['Microsoft Dynamics 365 Business Central 2019 Release Wave 2', 'Microsoft Dynamics 365 Business Central 2019 Spring Update', 'Microsoft Dynamics 365 BC On Premise', 'Microsoft Dynamics NAV 2013', 'Microsoft Dynamics NAV 2015', 'Microsoft Dynamics NAV 2016', 'Microsoft Dynamics NAV 2017', 'Microsoft Dynamics NAV 2018']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-0905"
    }
  },
  "description": "Microsoft Dynamics Business Central\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u5305\u62ec\u8d22\u52a1\u7ba1\u7406\u3001\u9879\u76ee\u7ba1\u7406\u548c\u4f9b\u5e94\u94fe\u7ba1\u7406\u7b49\u529f\u80fd\u3002\n\nMicrosoft Dynamics Business Central\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u7684shell\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-0905",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-17180",
  "openTime": "2020-03-15",
  "patchDescription": "Microsoft Dynamics Business Central\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u5305\u62ec\u8d22\u52a1\u7ba1\u7406\u3001\u9879\u76ee\u7ba1\u7406\u548c\u4f9b\u5e94\u94fe\u7ba1\u7406\u7b49\u529f\u80fd\u3002\r\n\r\nMicrosoft Dynamics Business Central\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u7684shell\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Dynamics Business Central\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Dynamics 365 Business Central 2019 Release Wave 2",
      "Microsoft Dynamics 365 Business Central 2019 Spring Update",
      "Microsoft Dynamics 365 BC On Premise",
      "Microsoft Dynamics NAV 2013",
      "Microsoft Dynamics NAV 2015",
      "Microsoft Dynamics NAV 2016",
      "Microsoft Dynamics NAV 2017",
      "Microsoft Dynamics NAV 2018"
    ]
  },
  "serverity": "\u9ad8",
  "submitTime": "2020-03-13",
  "title": "Microsoft Dynamics Business Central\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

ghsa-3xwp-cg99-2wx2

Vulnerability from github

Published

2022-05-24 17:11

Modified

2022-05-24 17:11

Details

An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-0905"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027.",
  "id": "GHSA-3xwp-cg99-2wx2",
  "modified": "2022-05-24T17:11:04Z",
  "published": "2022-05-24T17:11:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0905"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2020-0905

Vulnerability from fkie_nvd

Published

2020-03-12 16:15

Modified

2024-11-21 04:54

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

References

	URL	Tags
	secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	dynamics_365_business_central	-
microsoft	dynamics_365_business_central	2019
microsoft	dynamics_365_business_central	2019
microsoft	dynamics_nav	2013
microsoft	dynamics_nav	2015
microsoft	dynamics_nav	2016
microsoft	dynamics_nav	2017
microsoft	dynamics_nav	2018

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:-:-:*:*:*:*:*:*",
              "matchCriteriaId": "F7263659-A8E0-4869-83FA-8E5253C16F9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:*:*:*:*",
              "matchCriteriaId": "47B14437-3FF0-4611-9A34-12C3D0FEA316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
              "matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2013:*:*:*:*:*:*:*",
              "matchCriteriaId": "E22070F0-178B-498E-942D-A2845A89FF3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2015:*:*:*:*:*:*:*",
              "matchCriteriaId": "1684AB88-6210-4136-9F46-7ECA54DC1745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka \u0027Dynamics Business Central Remote Code Execution Vulnerability\u0027."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Microsoft Dynamics Business Central, tambi\u00e9n se conoce como \"Dynamics Business Central Remote Code Execution Vulnerability\"."
    }
  ],
  "id": "CVE-2020-0905",
  "lastModified": "2024-11-21T04:54:26.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-12T16:15:21.250",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-0905 (GCVE-0-2020-0905)

Vulnerability from cvelistv5

gsd-2020-0905

Vulnerability from gsd

CERTFR-2020-AVI-137

Vulnerability from certfr_avis

Solution

cnvd-2020-17180

Vulnerability from cnvd

ghsa-3xwp-cg99-2wx2

Vulnerability from github

fkie_cve-2020-0905

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature