CVE-2023-2809
Use of Cleartext credentials in Sage 200 Spain
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.
Vulnerabilidad de uso de credenciales de texto plano en Sage 200 Spain versión 2023.38.001, cuya explotación podría permitir a un atacante remoto extraer las credenciales de la base de datos SQL de la aplicación DLL. Esta vulnerabilidad podría estar vinculada a técnicas conocidas para obtener la ejecución remota de comandos de MS SQL y escalar privilegios en sistemas Windows porque las credenciales se almacenan en texto plano.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-05-19 CVE Reserved
- 2023-10-04 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sage Search vendor "Sage" | Sage 200 Spain Search vendor "Sage" for product "Sage 200 Spain" | 2023.38.001 Search vendor "Sage" for product "Sage 200 Spain" and version "2023.38.001" | - |
Affected
| ||||||