Sage X3
4 CVEs affecting Sage X3. Latest disclosed: 2021-07-22. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-7388 | Critical | 10.0 | 2021-07-22 | Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can b… |
CVE-2020-7389 | Medium | 5.5 | 2021-07-22 | Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web app… |
CVE-2020-7387 | Medium | 5.3 | 2021-07-22 | Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directo… |
CVE-2020-7390 | Medium | 4.6 | 2021-07-22 | Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Name," "Last Name," and "Email Address"… |