Known Vulnerabilities for products from Sage

Listed below are 12 of the newest known vulnerabilities associated with the vendor "Sage".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-29927 Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sag... 4.3 - MEDIUM 2023-05-16 2023-05-16
CVE-2022-41400 Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings... 9.8 - CRITICAL 2023-04-28 2023-04-28
CVE-2022-41399 The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to enc... 7.5 - HIGH 2023-04-28 2023-04-28
CVE-2022-41398 The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanyin... 7.5 - HIGH 2023-04-28 2023-04-28
CVE-2022-41397 The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key (... 9.8 - CRITICAL 2023-04-28 2023-04-28
CVE-2022-38583 On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Net... 7.8 - HIGH 2023-04-28 2023-04-28
CVE-2020-13893 Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay allow authenticated attackers to inject ... 5.4 - MEDIUM 2020-10-18 2020-10-27
CVE-2020-7390 Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings the "First Na... 5.4 - MEDIUM 2021-07-22 2021-08-02
CVE-2020-7389 Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via... 7.2 - HIGH 2021-07-22 2022-07-15
CVE-2020-7388 Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authent... 9.8 - CRITICAL 2021-07-22 2021-08-09
CVE-2020-7387 Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component tha... 5.3 - MEDIUM 2021-07-22 2021-08-09
CVE-2019-25053 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.5 - HIGH 2023-01-27 2023-02-06
CVE-2017-3183 Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authentica... 8.8 - HIGH 2018-07-24 2019-10-09
CVE-2007-0896 Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote ... 4.3 - MEDIUM 2007-02-13 2017-07-29
CVE-2006-4712 Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HT... 6.8 - MEDIUM 2006-09-12 2018-10-17
CVE-2006-4711 Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via... 4.3 - MEDIUM 2006-09-12 2008-09-05
CVE-2003-1243 Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via th... 4.3 - MEDIUM 2003-12-31 2017-07-11
CVE-2003-1242 Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which ret... 5 - MEDIUM 2003-12-31 2008-09-05

Known software with vulnerabilities from Sage

Type Vendor Product Version
ApplicationSageSage Timesheet9.85.1
ApplicationSageXrt Treasury3.0
Trademarks for Sage obtained from
Mark Image Details
4110666 79085943
4110667 79086121

Popular searches for "Sage"

sage | sāj | noun

sage | sj | noun Europe and the Mediterranean I E2. either of two bushy North American plants with silvery-gray leaves New Oxford American Dictionary Dictionary

Sage plant

Salvia officinalis is a perennial, evergreen subshrub, with woody stems, grayish leaves, and blue to purplish flowers. It is a member of the mint family Lamiaceae and native to the Mediterranean region, though it has been naturalized in many places throughout the world. It has a long history of medicinal and culinary use, and in modern times it has been used as an ornamental garden plant. The common name "sage" is also used for a number of related and unrelated species.

© 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license. and Source URL Uptime Status