Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sage Group Sage 300 安全漏洞
Vulnerability Description
Sage Group Sage 300是英国Sage Group公司的一个完善的闭源企业资源规划 (ERP) 解决方案,旨在促进企业管理。 Sage Group Sage 300 2017版本至2022(6.4.x - 6.9.x)存在安全漏洞,该漏洞源于低权限的 Sage 300 工作站用户可能会滥用权限,以访问连接的 Sage 300 服务器上的 SharedData 文件夹。
CVSS Information
N/A
Vulnerability Type
N/A