What is CVE-2020-7388?

CVE-2020-7388 is a critical-severity vulnerability in Sage X3, classified under Authentication Bypass by Spoofing. CVSS score: 10.0/10. Published 2021-07-22.

How severe is CVE-2020-7388?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Is CVE-2020-7388 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sage X3

CVE-2020-7388

Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the…

EPSS: 0.688 (98.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N.

Affected products

Sage X3 — versions 93.2.53

Weakness classification (CWE)

CWE-290 — Authentication Bypass by Spoofing

Public proof-of-concept exploits

References

rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed (x_refsource_MISC)
www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/14799… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-7388?: CVE-2020-7388 is a critical-severity vulnerability in Sage X3, classified under Authentication Bypass by Spoofing. CVSS score: 10.0/10. Published 2021-07-22.
How severe is CVE-2020-7388?: Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2020-7388 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.