Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Sage 300 Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2022-41397

The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.

9.8CVSS

9.3AI Score

0.002EPSS

2023-04-28 01:15 PM
17
cve
cve

CVE-2022-41400

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.

9.8CVSS

9.4AI Score

0.002EPSS

2023-04-28 01:15 PM
15