Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of Cleartext credentials in Sage 200 Spain
Vulnerability Description
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
敏感数据的明文存储
Vulnerability Title
Sage 200c 安全漏洞
Vulnerability Description
Sage 200c是英国Sage公司的一款适用于所有企业的功能齐全的中端市场 ERP 软件。 Sage 200c 2023.38.001 版本存在安全漏洞,该漏洞源于应用存在明文凭据,远程攻击者利用该漏洞可能从 DLL 应用程序中提取 SQL 数据库凭据,并提升 Windows 系统上的权限。
CVSS Information
N/A
Vulnerability Type
N/A