VYPR
Unrated severityNVD Advisory· Published Apr 28, 2023· Updated Jan 31, 2025

CVE-2022-41399

CVE-2022-41399

Description

The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database.

Affected products

2
  • Sage/Sagecpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=2022

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.