Vulnerabilities > Sage > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2023-10-04 | CVE-2023-2809 | Cleartext Storage of Sensitive Information vulnerability in Sage 200 Spain 2023.38.001 | Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. | network | low complexity | sage | CWE-312 | critical | 9.8 |
| 2023-04-28 | CVE-2022-41397 | Use of Hard-coded Credentials vulnerability in Sage 300 2020/2021/2022 | The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | network | low complexity | sage | CWE-798 | critical | 9.8 |
| 2023-04-28 | CVE-2022-41400 | Use of Hard-coded Credentials vulnerability in Sage 300 2020/2021/2022 | Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. | network | low complexity | sage | CWE-798 | critical | 9.8 |
| 2023-01-01 | CVE-2022-34322 | Cross-site Scripting vulnerability in Sage Enterprise Intelligence 2021R1.1 | Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. | network | low complexity | sage | CWE-79 | critical | 9.0 |
| 2021-07-22 | CVE-2020-7389 | OS Command Injection vulnerability in Sage Syracuse | Sage X3 System CHAINE Variable Script Command Injection. | network | low complexity | sage | CWE-78 | critical | 9.0 |