CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2809 – Use of Cleartext credentials in Sage 200 Spain
https://notcve.org/view.php?id=CVE-2023-2809
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext. Vulnerabilidad de uso de credenciales de texto plano en Sage 200 Spain versión 2023.38.001, cuya explotación podría permitir a un atacante remoto extraer las credenciales de la base de datos SQL de la aplicación DLL. Esta vulnerabilidad podría estar vinculada a técnicas conocidas para obtener la ejecución remota de comandos de MS SQL y escalar privilegios en sistemas Windows porque las credenciales se almacenan en texto plano. • https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31867
https://notcve.org/view.php?id=CVE-2023-31867
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. • http://sage.com https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31867.txt • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31868
https://notcve.org/view.php?id=CVE-2023-31868
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. • http://sage.com https://github.com/Digitemis/Advisory/blob/main/CVE-2023-31868.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29927
https://notcve.org/view.php?id=CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program’s role-based access controls. • https://www.controlgap.com/blog/critical-vulnerability-disclosure-sage-300 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38583
https://notcve.org/view.php?id=CVE-2022-38583
On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. • http://sage.com https://www.controlgap.com/blog/sage-300-case-study • CWE-276: Incorrect Default Permissions •