Lucene search
K

7 matches found

Rapid7 Blog
Rapid7 Blog
added 2021/07/23 7:39 p.m.329 views

Metasploit Wrap-Up

Now I Control Your Resource Planning Servers Sage X3 is a resource planning product designed by Sage Group which is designed to help established businesses plan out their business operations. But what if you wanted to do more than just manage resources? What if you wanted to hijack the resource...

10CVSS0.94089EPSS
Exploits21
NVD
NVD
added 2021/07/22 7:15 p.m.32 views

CVE-2020-7388

Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

10CVSS0.70268EPSS
Exploits4References3
Prion
Prion
added 2021/07/22 7:15 p.m.27 views

Design/Logic Flaw

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin...

5CVSS6.9AI score0.70268EPSS
Exploits7References3Affected Software1
CVE
CVE
added 2021/07/22 6:27 p.m.96 views

CVE-2020-7388

CVE-2020-7388 affects Sage X3 AdxAdmin/AdxDSrv.exe, allowing unauthenticated RCE as SYSTEM by editing the client authentication request. The flaw bypasses credential validation; attacker may need to know the installation path (information learnable via CVE-2020-7387). Root cause involves the logi...

10CVSS7.6AI score0.70268EPSS
Exploits4References3Affected Software1
Metasploit
Metasploit
added 2021/07/21 5:42 p.m.96 views

Sage X3 Administration Service Authentication Bypass Command Execution

This module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service. Module Options msf use exploit/windows/sage/x3adxsrvauthbypasscmdexec msf...

10CVSS8.3AI score0.70268EPSS
Exploits7
Packet Storm
Packet Storm
added 2021/07/21 12:0 a.m.328 views

Sage X3 Administration Service Authentication Bypass / Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sage X3 Administration Service Authentication Bypass Command Execution', 'Description' = %q This module leverages an authentication bypass exploi...

1AI score0.70268EPSS
Exploits7
Circl
Circl
added 2021/07/09 4:5 p.m.11 views

CVE-2020-7388

creationtimestamp| type| source ---|---|--- 2021-07-09 16:05:11+00:00| seen| https://t.me/truesecator/1904 2021-07-21 01:45:10+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/sage/x3adxsrvauthbypasscmdexec.rb 2021-09-21 04:41:55+00:00| seen|...

10CVSS7.5AI score0.70268EPSS
Exploits4References3
Rows per page
Query Builder