Sage
by Sage
CVEs (35)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3183 | Hig | 0.57 | 8.8 | 0.02 | Jul 24, 2018 | Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access… | ||
| CVE-2025-1887 | Hig | 0.46 | — | 0.00 | Mar 7, 2025 | SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by… | ||
| CVE-2025-1886 | Hig | 0.46 | — | 0.00 | Mar 7, 2025 | Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials. | ||
| CVE-2025-67805 | Med | 0.38 | 5.9 | 0.00 | Apr 1, 2026 | A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never… | ||
| CVE-2025-67807 | Med | 0.31 | 4.7 | 0.00 | Apr 1, 2026 | The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behaviour in newer versions. | ||
| CVE-2025-67806 | Low | 0.24 | 3.7 | 0.00 | Apr 1, 2026 | The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions. | ||
| CVE-2020-7388 | 0.09 | — | 0.70 | Jul 22, 2021 | Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can… | |||
| CVE-2003-1242 | 0.04 | — | 0.07 | Dec 31, 2003 | Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message. | |||
| CVE-2007-0896 | 0.03 | — | 0.02 | Feb 13, 2007 | Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712. | |||
| CVE-2025-51533 | 0.00 | — | 0.00 | Aug 7, 2025 | An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request. | |||
| CVE-2025-51532 | 0.00 | — | 0.00 | Aug 6, 2025 | Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025. | |||
| CVE-2025-51531 | 0.00 | — | 0.00 | Aug 6, 2025 | A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The… | |||
| CVE-2024-56883 | 0.00 | — | 0.01 | Feb 18, 2025 | Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they… | |||
| CVE-2024-56882 | 0.00 | — | 0.00 | Feb 18, 2025 | Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who… | |||
| CVE-2024-48648 | 0.00 | — | 0.00 | Oct 30, 2024 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding. | |||
| CVE-2024-48647 | 0.00 | — | 0.01 | Oct 30, 2024 | A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive… | |||
| CVE-2024-48646 | 0.00 | — | 0.01 | Oct 30, 2024 | An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may… | |||
| CVE-2023-2809 | 0.00 | — | 0.00 | Oct 4, 2023 | Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution… | |||
| CVE-2023-29927 | 0.00 | — | 0.00 | May 16, 2023 | Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover… | |||
| CVE-2022-41398 | 0.00 | — | 0.01 | Apr 28, 2023 | The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. |
- risk 0.57cvss 8.8epss 0.02
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access…
- risk 0.46cvss —epss 0.00
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by…
- risk 0.46cvss —epss 0.00
Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials.
- risk 0.38cvss 5.9epss 0.00
A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never…
- risk 0.31cvss 4.7epss 0.00
The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behaviour in newer versions.
- risk 0.24cvss 3.7epss 0.00
The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions.
- CVE-2020-7388Jul 22, 2021risk 0.09cvss —epss 0.70
Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can…
- CVE-2003-1242Dec 31, 2003risk 0.04cvss —epss 0.07
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.
- CVE-2007-0896Feb 13, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
- CVE-2025-51533Aug 7, 2025risk 0.00cvss —epss 0.00
An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.
- CVE-2025-51532Aug 6, 2025risk 0.00cvss —epss 0.00
Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.
- CVE-2025-51531Aug 6, 2025risk 0.00cvss —epss 0.00
A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The…
- CVE-2024-56883Feb 18, 2025risk 0.00cvss —epss 0.01
Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they…
- CVE-2024-56882Feb 18, 2025risk 0.00cvss —epss 0.00
Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who…
- CVE-2024-48648Oct 30, 2024risk 0.00cvss —epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding.
- CVE-2024-48647Oct 30, 2024risk 0.00cvss —epss 0.01
A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive…
- CVE-2024-48646Oct 30, 2024risk 0.00cvss —epss 0.01
An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may…
- CVE-2023-2809Oct 4, 2023risk 0.00cvss —epss 0.00
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution…
- CVE-2023-29927May 16, 2023risk 0.00cvss —epss 0.00
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover…
- CVE-2022-41398Apr 28, 2023risk 0.00cvss —epss 0.01
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information.
Page 1 of 2