3 matches found
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
CVE-2022-41399
The CVE-2022-41399 issue affects Sage 300 (through 2022) where the optional Web Screens feature uses a hard-coded 40-byte Blowfish key (PASS_KEY) to encrypt/decrypt the PORTAL database connection string in dbconfig.xml. This cryptographic weakness could allow an attacker to access the SQL databas...