The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.
References
Link | Resource |
---|---|
https://www.sage.com/en-ca/products/sage-300/ | Product |
Configurations
History
No history.
Information
Published : 2023-04-28 13:15
Updated : 2024-02-28 20:13
NVD link : CVE-2022-41397
Mitre link : CVE-2022-41397
CVE.ORG link : CVE-2022-41397
JSON object : View
Products Affected
sage
- sage_300
CWE
CWE-798
Use of Hard-coded Credentials