Vulnerabilities > Sage > Sage 300 > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-28 | CVE-2022-41400 | Use of Hard-coded Credentials vulnerability in Sage 300 2020/2021/2022 Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. | 9.8 |
2023-04-28 | CVE-2022-41397 | Use of Hard-coded Credentials vulnerability in Sage 300 2020/2021/2022 The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | 9.8 |