CVE-2023-29927

Published: 2023-05-16 20:15:09 (source: web.nvd.nist.gov)
Tags: sage 300, cve-2023-29927, sql interaction, role-based access controls, nvd

CVSS3: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 5 Medium (Confidence: High)
EPSS: 0.0005 Low (Percentile: 17.5%)

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program's role-based access controls.

Affected configurations (NVD)

Node: sage:sage_300, range ≤ 2022

CPE             Name            Operator  Version
sage:sage_300   sage sage 300   le        2022
