Skip to main content

Sage 300

2 CVEs product

Monthly

CVE-2023-29927 MEDIUM This Month

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sage 300
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-38583 HIGH POC This Week

On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Sage 300
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
EPSS 0% CVSS 4.3
MEDIUM This Month

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sage 300
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Sage 300
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy