Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

13 matches found

Packet Storm
Packet Stormadded 2024/09/01 12:0 a.m.257 views

Sage X3 AdxAdmin Login Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/x3' require 'metasploit/framework/credentialcollection' class MetasploitModule 'Sage X3 AdxAdmin Login Scanner', 'Description'...

5.3CVSS7AI score0.55955EPSS
Exploits6
OSV
OSVadded 2021/07/22 7:15 p.m.0 views

CVE-2020-7387

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

5.3CVSS6.7AI score0.55955EPSS
Exploits6References3
NVD
NVDadded 2021/07/22 7:15 p.m.23 views

CVE-2020-7387

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

5.3CVSS0.55955EPSS
Exploits6References3
NVD
NVDadded 2021/07/22 7:15 p.m.22 views

CVE-2020-7388

Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

10CVSS0.68801EPSS
Exploits6References3
Prion
Prionadded 2021/07/22 7:15 p.m.22 views

Design/Logic Flaw

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

5CVSS6.9AI score0.68801EPSS
Exploits7References3Affected Software1
Prion
Prionadded 2021/07/22 7:15 p.m.26 views

Design/Logic Flaw

Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

7.5CVSS6.7AI score0.68801EPSS
Exploits7References3Affected Software1
Cvelist
Cvelistadded 2021/07/22 6:27 p.m.22 views

CVE-2020-7388 Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing

Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

10CVSS6AI score0.68801EPSS
Exploits6References2
Cvelist
Cvelistadded 2021/07/22 6:27 p.m.26 views

CVE-2020-7387 Sage X3 AdxAdmin Exposure of Sensitive Information to an Unauthorized Actor

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

5.3CVSS6AI score0.55955EPSS
Exploits6References2
Metasploit
Metasploitadded 2021/07/21 5:42 p.m.94 views

Sage X3 Administration Service Authentication Bypass Command Execution

This module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service. Module Options msf use exploit/windows/sage/x3adxsrvauthbypasscmdexec msf...

10CVSS8.3AI score0.68801EPSS
Exploits7
Metasploit
Metasploitadded 2021/07/21 5:42 p.m.262 views

Sage X3 AdxAdmin Login Scanner

This module allows an attacker to perform a password guessing attack against the Sage X3 AdxAdmin service, which in turn can be used to authenticate to a local Windows account. This module implements the X3Crypt function to 'encrypt' any passwords to be used during the authentication process, giv...

5.3CVSS7.7AI score0.55955EPSS
Exploits6
CNNVD
CNNVDadded 2021/07/21 12:0 a.m.3 views

Sage Group Sage X3 安全漏洞

Sage Group Sage X3 is an application from Sage Group, Inc. an enterprise resource planning product developed for mature organizations. A security vulnerability exists in Sage X3 where the Metasploit module exploits an authentication bypass vulnerability in the Sage X3 AdxSrv management protocol t...

10CVSS8.1AI score0.68801EPSS
Exploits6References5
Packet Storm
Packet Stormadded 2021/07/21 12:0 a.m.300 views

Sage X3 Administration Service Authentication Bypass / Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sage X3 Administration Service Authentication Bypass Command Execution', 'Description' = %q This module leverages an authentication bypass exploi...

1AI score0.68801EPSS
Exploits7
ATTACKERKB
ATTACKERKBadded 2021/07/07 12:0 a.m.72 views

CVE-2020-7388

Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

7.5CVSS2.7AI score0.68801EPSS
Exploits7References3
Rows per page
Query Builder