Lucene search

[email protected]CVE-2023-2809

HistoryOct 04, 2023 - 11:15 a.m.

CVE-2023-2809

2023-10-0411:15:10

CWE-312

[email protected]

web.nvd.nist.gov

sage 200

spain

plaintext

credential

vulnerability

sql

database

remote attacker

dll application

ms sql

windows

privilege escalation

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.

Affected configurations

Vulners

NVD

Node

sagesage_200_spainRange≤2023.38.001

VendorProductVersionCPE
sagesage_200_spain*cpe:2.3:a:sage:sage_200_spain:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sage	sage_200_spain	*	cpe:2.3:a:sage:sage_200_spain::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Sage 200 Spain",
    "vendor": "Sage",
    "versions": [
      {
        "status": "affected",
        "version": "2023.38.001"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

JSON

Related for CVE-2023-2809

prion1 cvelist1 nvd1