Unrated severityNVD Advisory· Published Jul 22, 2021· Updated Sep 16, 2024
Sage X3 Syracuse Missing Authentication for Critical Function in Developer Environment
CVE-2020-7389
Description
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production.
Affected products
2- Sage/X3v5Range: V9
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixedmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.