2 matches found
CVE-2020-7387
Sage X3 CVE-2020-7387 concerns an Installation Pathname Disclosure in AdxDSrv.exe. A crafted packet can trigger a response revealing the product installation directory. The vulnerability can be chained with CVE-2020-7388 to enable full RCE. Remediation: AdxAdmin 93.2.53 and associated updates for...
CVE-2020-7388
CVE-2020-7388 affects Sage X3 AdxAdmin/AdxDSrv.exe, allowing unauthenticated RCE as SYSTEM by editing the client authentication request. The flaw bypasses credential validation; attacker may need to know the installation path (information learnable via CVE-2020-7387). Root cause involves the logi...