8175 matches found
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...
CVE-2022-41398
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information...
CVE-2022-41398
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information...
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...
PT-2023-13978 · Apache +1 · Apache Solr +1
Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The optional Global Search feature for Sage 300 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
PT-2023-13977 · Sage · Sage 300
Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The issue concerns the use of a hard-coded 40-byte blowfish key, specifically LandlordPassKey, for encrypting and decrypting secrets stored in configuration files and database tables. This is relate...
CVE-2022-41399
The CVE-2022-41399 issue affects Sage 300 (through 2022) where the optional Web Screens feature uses a hard-coded 40-byte Blowfish key (PASS_KEY) to encrypt/decrypt the PORTAL database connection string in dbconfig.xml. This cryptographic weakness could allow an attacker to access the SQL databas...
Sage Group Sage 300 信任管理问题漏洞
Sage Group Sage 300 is a well-established closed-source Enterprise Resource Planning ERP solution from Sage Group, UK, designed to facilitate the management of an organization. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions, which stems from the use of a se...
Sage Group Sage 300 信任管理问题漏洞
Sage Group Sage 300 is a well-established closed-source Enterprise Resource Planning ERP solution from Sage Group, UK, designed to facilitate the management of organizations. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions, which stems from the use of a...
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...
PT-2023-13979 · Sage · Sage 300
Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The optional Web Screens feature uses a hard-coded 40-byte blowfish key PASS KEY to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue...
Sage Group Sage 300 信任管理问题漏洞
Sage Group Sage 300 is a well-established, closed-source enterprise resource planning ERP solution from Sage Group UK, designed to facilitate the management of an organization. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions that stems from the use of a...
CVE-2022-41397
CVE-2022-41397 concerns Sage 300 (through version 2022) where the optional Web Screens and Global Search features use a hard-coded 40-byte Blowfish key, “LandlordPassKey,” to encrypt/decrypt secrets stored in configuration files and in database tables. This key is embedded in the feature’s encryp...
Sage Group Sage 300 信任管理问题漏洞
Sage Group Sage 300 is a well-established, closed-source enterprise resource planning ERP solution from Sage Group UK designed to facilitate business management. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions that stems from the use of a hard-coded puffer k...
PT-2023-13980 · Sage · Sage 300
Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The issue involves the use of a hard-coded 40-byte blowfish key for encrypting and decrypting user passwords and SQL connection strings stored in ISAM database files. This could allow attackers to...
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...
CVE-2022-41398
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information...
CVE-2022-41398
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information...