Vulnerabilities > Sage > Sage 300 > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-28 CVE-2022-41400 Use of Hard-coded Credentials vulnerability in Sage 300 2020/2021/2022
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory.
network
low complexity
sage CWE-798
critical
9.8
2023-04-28 CVE-2022-41397 Use of Hard-coded Credentials vulnerability in Sage 300 2020/2021/2022
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.
network
low complexity
sage CWE-798
critical
9.8