Vulnerabilities > Sage > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-04 | CVE-2023-2809 | Cleartext Storage of Sensitive Information vulnerability in Sage 200 Spain 2023.38.001: Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. | 9.8 |
2023-04-28 | CVE-2022-41397 | Use of Hard-coded Credentials vulnerability in Sage 300 2020/2021/2022: The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte Blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | 9.8 |
2023-04-28 | CVE-2022-41400 | Use of Hard-coded Credentials vulnerability in Sage 300 2020/2021/2022: Sage 300 through 2022 uses a hard-coded 40-byte Blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. | 9.8 |
2023-01-01 | CVE-2022-34322 | Cross-site Scripting vulnerability in Sage Enterprise Intelligence 2021R1.1: Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. | 9.0 |
2021-07-22 | CVE-2020-7389 | OS Command Injection vulnerability in Sage Syracuse: Sage X3 System CHAINE Variable Script Command Injection. | 9.0 |