CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48646
https://notcve.org/view.php?id=CVE-2024-48646
30 Oct 2024 — An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the server, leading to further system compromise. Existe una vulnerabilidad de carga de archivos sin restricciones en Sage 1000 v7.0.0 que permite a los usuarios autorizados cargar archivos sin la validación adecuada. ... • https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48647
https://notcve.org/view.php?id=CVE-2024-48647
30 Oct 2024 — A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including configuration files that may contain credentials and system settings, which could lead to further compromise of the server. Existe una vulnerabilidad de divulgación de archivos en Sage 1000 v7.0.0. Esta vulnerabilidad per... • https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2809 – Use of Cleartext credentials in Sage 200 Spain
https://notcve.org/view.php?id=CVE-2023-2809
04 Oct 2023 — Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext. Vulnerabilidad de uso de credenciales de texto plano en Sage 200 Spain versión 2023.38.001, cuya explotación podría permi... • https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31867
https://notcve.org/view.php?id=CVE-2023-31867
22 Jun 2023 — Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. • http://sage.com • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31868
https://notcve.org/view.php?id=CVE-2023-31868
22 Jun 2023 — Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. • http://sage.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29927
https://notcve.org/view.php?id=CVE-2023-29927
16 May 2023 — Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program’s role-based access controls. • https://www.controlgap.com/blog/critical-vulnerability-disclosure-sage-300 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41398
https://notcve.org/view.php?id=CVE-2022-41398
28 Apr 2023 — The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. • https://www.sage.com/en-ca/products/sage-300 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41399
https://notcve.org/view.php?id=CVE-2022-41399
28 Apr 2023 — The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database. • https://www.sage.com/en-ca/products/sage-300 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38583
https://notcve.org/view.php?id=CVE-2022-38583
28 Apr 2023 — On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it... • http://sage.com • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41397
https://notcve.org/view.php?id=CVE-2022-41397
28 Apr 2023 — The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. • https://www.sage.com/en-ca/products/sage-300 • CWE-798: Use of Hard-coded Credentials •