15 matches found
EUVD-2022-44592
Malicious code in bioql PyPI...
EUVD-2022-44594
Malicious code in bioql PyPI...
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...
Hardcoded credentials
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...
Hardcoded credentials
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
PT-2023-13977 · Sage · Sage 300
Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The issue concerns the use of a hard-coded 40-byte blowfish key, specifically LandlordPassKey, for encrypting and decrypting secrets stored in configuration files and database tables. This is relate...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
CVE-2022-41399
The CVE-2022-41399 issue affects Sage 300 (through 2022) where the optional Web Screens feature uses a hard-coded 40-byte Blowfish key (PASS_KEY) to encrypt/decrypt the PORTAL database connection string in dbconfig.xml. This cryptographic weakness could allow an attacker to access the SQL databas...
CVE-2022-41397
CVE-2022-41397 concerns Sage 300 (through version 2022) where the optional Web Screens and Global Search features use a hard-coded 40-byte Blowfish key, “LandlordPassKey,” to encrypt/decrypt secrets stored in configuration files and in database tables. This key is embedded in the feature’s encryp...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
PT-2023-13979 · Sage · Sage 300
Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The optional Web Screens feature uses a hard-coded 40-byte blowfish key PASS KEY to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue...