Known Vulnerabilities for products from Sage
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Sage".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-29927 | Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sag... | 4.3 - MEDIUM | 2023-05-16 | 2023-05-16 |
| CVE-2022-41400 | Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings... | 9.8 - CRITICAL | 2023-04-28 | 2023-04-28 |
| CVE-2022-41399 | The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to enc... | 7.5 - HIGH | 2023-04-28 | 2023-04-28 |
| CVE-2022-41398 | The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanyin... | 7.5 - HIGH | 2023-04-28 | 2023-04-28 |
| CVE-2022-41397 | The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key (... | 9.8 - CRITICAL | 2023-04-28 | 2023-04-28 |
| CVE-2022-38583 | On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Net... | 7.8 - HIGH | 2023-04-28 | 2023-04-28 |
| CVE-2020-13893 | Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject ... | 5.4 - MEDIUM | 2020-10-18 | 2020-10-27 |
| CVE-2020-7390 | Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Na... | 5.4 - MEDIUM | 2021-07-22 | 2021-08-02 |
| CVE-2020-7389 | Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via... | 7.2 - HIGH | 2021-07-22 | 2022-07-15 |
| CVE-2020-7388 | Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authent... | 9.8 - CRITICAL | 2021-07-22 | 2021-08-09 |
| CVE-2020-7387 | Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component tha... | 5.3 - MEDIUM | 2021-07-22 | 2021-08-09 |
| CVE-2019-25053 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-01-27 | 2023-02-06 |
| CVE-2017-3183 | Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authentica... | 8.8 - HIGH | 2018-07-24 | 2019-10-09 |
| CVE-2007-0896 | Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote ... | 4.3 - MEDIUM | 2007-02-13 | 2017-07-29 |
| CVE-2006-4712 | Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HT... | 6.8 - MEDIUM | 2006-09-12 | 2018-10-17 |
| CVE-2006-4711 | Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via... | 4.3 - MEDIUM | 2006-09-12 | 2008-09-05 |
| CVE-2003-1243 | Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via th... | 4.3 - MEDIUM | 2003-12-31 | 2017-07-11 |
| CVE-2003-1242 | Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which ret... | 5 - MEDIUM | 2003-12-31 | 2008-09-05 |
Known software with vulnerabilities from Sage
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sage | Easypay | 10.7.5.10 |
| Application | Sage | Sage Timesheet | 9.85.1 |
| Application | Sage | Xrt Treasury | 3.0 |
Trademarks for Sage obtained from uspto.report
| Mark Image | Details |
|---|---|
"SAFE X3" 4110666 79085943 |
SAFE X3
SAGE 2010-06-07 |
"SAGE ERP X3" 4110667 79086121 |
SAGE ERP X3
SAGE 2010-06-07 |
Popular searches for "Sage"
sage | sāj | noun
sage | sj | noun Europe and the Mediterranean I E2. either of two bushy North American plants with silvery-gray leaves New Oxford American Dictionary Dictionary
Sage plant
Salvia officinalis is a perennial, evergreen subshrub, with woody stems, grayish leaves, and blue to purplish flowers. It is a member of the mint family Lamiaceae and native to the Mediterranean region, though it has been naturalized in many places throughout the world. It has a long history of medicinal and culinary use, and in modern times it has been used as an ornamental garden plant. The common name "sage" is also used for a number of related and unrelated species.