CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41398
https://notcve.org/view.php?id=CVE-2022-41398
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. • https://www.sage.com/en-ca/products/sage-300 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41397
https://notcve.org/view.php?id=CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. • https://www.sage.com/en-ca/products/sage-300 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41400
https://notcve.org/view.php?id=CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. • https://www.sage.com/en-ca/products/sage-300 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41399
https://notcve.org/view.php?id=CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database. • https://www.sage.com/en-ca/products/sage-300 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25053
https://notcve.org/view.php?id=CVE-2019-25053
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL. Existe una vulnerabilidad de path traversal en Sage FRP 1000 antes de noviembre de 2019. Esto permite a atacantes remotos no autenticados acceder a archivos fuera del árbol web a través de una URL manipulada. • https://www.on-x.com/wp-content/uploads/2023/01/on-x_-_security_advisory_-_sage_frp_1000_-_cve-2019-25053.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •