Lucene search

9 matches found

NVD
added 2021/07/22 7:15 p.m. | 30 views

CVE-2020-7388

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

CVSS 10 | EPSS 0.70268
Exploits: 4 | References: 3
NVD
added 2021/07/22 7:15 p.m. | 44 views

CVE-2020-7387

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

CVSS 5.3 | EPSS 0.35792
Exploits: 6 | References: 3
Prion
added 2021/07/22 7:15 p.m. | 31 views

Design/Logic Flaw

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

CVSS 7.5 | AI score 6.7 | EPSS 0.70268
Exploits: 7 | References: 3 | Affected Software: 1
CVE
added 2021/07/22 6:27 p.m. | 95 views

CVE-2020-7388

CVE-2020-7388 affects Sage X3 AdxAdmin/AdxDSrv.exe, allowing unauthenticated RCE as SYSTEM by editing the client authentication request. The flaw bypasses credential validation; attacker may need to know the installation path (information learnable via CVE-2020-7387). Root cause involves the logi...

CVSS 10 | AI score 7.6 | EPSS 0.70268
Exploits: 4 | References: 3 | Affected Software: 1
Cvelist
added 2021/07/22 6:27 p.m. | 31 views

CVE-2020-7388 Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

CVSS 10 | AI score 6 | EPSS 0.70268
Exploits: 4 | References: 2
Cvelist
added 2021/07/22 6:27 p.m. | 41 views

CVE-2020-7387 Sage X3 AdxAdmin Exposure of Sensitive Information to an Unauthorized Actor

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

CVSS 5.3 | AI score 6 | EPSS 0.35792
Exploits: 6 | References: 2
CVE
added 2021/07/22 6:27 p.m. | 130 views

CVE-2020-7387

Sage X3 CVE-2020-7387 concerns an Installation Pathname Disclosure in AdxDSrv.exe. A crafted packet can trigger a response revealing the product installation directory. The vulnerability can be chained with CVE-2020-7388 to enable full RCE. Remediation: AdxAdmin 93.2.53 and associated updates for...

CVSS 5.3 | AI score 6.6 | EPSS 0.35792
Exploits: 6 | References: 3 | Affected Software: 1
ThreatPost
added 2021/07/07 6:34 p.m. | 72 views

Critical Sage X3 RCE Bug Allows Full System Takeovers

Four vulnerabilities afflict the popular Sage X3 enterprise resource planning (ERP) platform, researchers found – including one critical bug that rates 10 out of 10 on the CVSS vulnerability-severity scale. Two of the bugs could be chained together to allow complete system takeovers, with potential...

CVSS 10 | AI score 7.7 | EPSS 0.70268
Exploits: 9 | References: 5
ATTACKERKB
added 2021/07/07 12:0 a.m. | 76 views

CVE-2020-7388

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

CVSS 7.5 | AI score 2.7 | EPSS 0.70268
Exploits: 7 | References: 3