Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production.
References
Link | Resource |
---|---|
https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed | Broken Link |
https://www.rapid7.com/blog/post/2021/07/07/cve-2020-7387-7390-multiple-sage-x3-vulnerabilities/ | Exploit Third Party Advisory |
https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 05:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 5.5 |
References | () https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed - Broken Link |
Information
Published : 2021-07-22 19:15
Updated : 2024-11-21 05:37
NVD link : CVE-2020-7389
Mitre link : CVE-2020-7389
CVE.ORG link : CVE-2020-7389
JSON object : View
Products Affected
sage
- x3
- syracuse