VYPR

Vendor CVEs

Sage

All CVEs

36 total · sorted by risk
  • CVE-2017-3183 · High · Jul 24, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access…

  • CVE-2025-1887 · High · Mar 7, 2025
    risk 0.46 · cvss n/a · epss 0.00

    SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by…

  • CVE-2025-1886 · High · Mar 7, 2025
    risk 0.46 · cvss n/a · epss 0.00

    Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials.

  • CVE-2025-67805 · Medium · Apr 1, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never…

  • CVE-2025-67807 · Medium · Apr 1, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behaviour in newer versions.

  • CVE-2025-67806 · Low · Apr 1, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions.

  • CVE-2020-7388 · Jul 22, 2021
    risk 0.09 · cvss n/a · epss 0.70

    Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can…

  • CVE-2003-1242 · Dec 31, 2003
    risk 0.04 · cvss n/a · epss 0.07

    Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.

  • CVE-2007-0896 · Feb 13, 2007
    risk 0.03 · cvss n/a · epss 0.02

    Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.

  • CVE-2025-51533 · Aug 7, 2025
    risk 0.00 · cvss n/a · epss 0.00

    An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.

  • CVE-2025-51531 · Aug 6, 2025
    risk 0.00 · cvss n/a · epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The…

  • CVE-2025-51532 · Aug 6, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.

  • CVE-2024-56882 · Feb 18, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who…

  • CVE-2024-56883 · Feb 18, 2025
    risk 0.00 · cvss n/a · epss 0.01

    Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they…

  • CVE-2024-48648 · Oct 30, 2024
    risk 0.00 · cvss n/a · epss 0.00

    A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding.

  • CVE-2024-48647 · Oct 30, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive…

  • CVE-2024-48646 · Oct 30, 2024
    risk 0.00 · cvss n/a · epss 0.01

    An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may…

  • CVE-2023-2809 · Oct 4, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution…

  • CVE-2023-29927 · May 16, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover…

  • CVE-2022-41398 · Apr 28, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information.

  • CVE-2022-41399 · Apr 28, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to…

  • CVE-2022-41400 · Apr 28, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.

  • CVE-2022-41397 · Apr 28, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.

  • CVE-2022-38583 · Apr 28, 2023
    risk 0.00 · cvss n/a · epss 0.00

    On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are set up in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to…

  • CVE-2019-25053 · Jan 27, 2023
    risk 0.00 · cvss n/a · epss 0.01

    A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL.

  • CVE-2022-34322 · Jan 1, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users…

  • CVE-2022-34324 · Jan 1, 2023
    risk 0.00 · cvss n/a · epss 0.12

    Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.

  • CVE-2022-34323 · Jan 1, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and…

  • CVE-2021-45492 · Jul 14, 2022
    risk 0.00 · cvss n/a · epss 0.00

    In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fails to set…

  • CVE-2020-13893 · Oct 18, 2020
    risk 0.00 · cvss n/a · epss 0.01

    Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the…

  • CVE-2020-26584 · Oct 16, 2020
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user's browser.…

  • CVE-2020-26583 · Oct 16, 2020
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It allows unauthenticated users to upload JavaScript (in a file) via the expenses claiming functionality. However, to view the file, authentication is required. By exploiting this vulnerability, an attacker can…

  • CVE-2011-3384 · Sep 8, 2011
    risk 0.00 · cvss n/a · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102.

  • CVE-2006-4711 · Sep 12, 2006
    risk 0.00 · cvss n/a · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.

  • CVE-2006-4712 · Sep 12, 2006
    risk 0.00 · cvss n/a · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use…

  • CVE-2001-1070 · Aug 31, 2001
    risk 0.00 · cvss n/a · epss 0.01

    Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters.
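Worked example for the Unicode "best-fit mapping" stored XSS described under CVE-2020-13893 (Sage EasyPay). This is an added illustration written for this page, not Sage code and not the published proof of concept: the payload, the filter and the two pipelines are constructed here. It shows the general defect behind the advisory's wording, a metacharacter blocklist applied before a lossy compatibility mapping, so that full-width U+FF1C/U+FF1E pass the filter and are later folded back to ASCII `<`/`>`. NFKC stands in for the downstream mapping; Windows code-page best-fit conversion behaves the same way for these characters.

```python
"""Filter-before-normalize versus normalize-then-validate (added example)."""
import html
import unicodedata

# Constructed payload: full-width angle brackets (U+FF1C, U+FF1E) instead of '<' and '>'.
FULLWIDTH_PAYLOAD = "＜script＞alert(1)＜/script＞"


def naive_filter(value: str) -> str:
    """Vulnerable pattern: reject only the ASCII metacharacters."""
    if "<" in value or ">" in value:
        raise ValueError("angle brackets are not allowed")
    return value


def best_fit(value: str) -> str:
    """Stand-in for the lossy compatibility mapping applied later in the stack.

    NFKC maps <wide> compatibility characters to their ASCII equivalents, which is
    the same effect a legacy code page's best-fit conversion has on them.
    """
    return unicodedata.normalize("NFKC", value)


def vulnerable_pipeline(value: str) -> str:
    """Filter first, normalize afterwards: the filter never sees a '<'."""
    return best_fit(naive_filter(value))


def hardened_pipeline(value: str) -> str:
    """Canonicalize first, validate the canonical form, then encode on output."""
    canonical = best_fit(value)
    if any(ch in canonical for ch in "<>\"'&"):
        raise ValueError("markup metacharacters are not allowed")
    return html.escape(canonical, quote=True)


def demo() -> dict:
    """Run both pipelines on the constructed payload and report what happened."""
    results = {"vulnerable_output": vulnerable_pipeline(FULLWIDTH_PAYLOAD)}
    try:
        hardened_pipeline(FULLWIDTH_PAYLOAD)
        results["hardened_rejected"] = False
    except ValueError:
        results["hardened_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The order of operations is the whole point: any validation that runs before the last transformation of the data is validating something other than what reaches the browser. Normalize to the form the application will actually store and render, validate that, and still HTML-encode on output.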
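Two entries above are the same defect seen from two sides: CVE-2025-1887 (Sage 200 Spain), where an administrator-configured path could be pointed at a UNC share so the server leaked an NTLMv2-SSP hash to an attacker's host, and CVE-2019-25053 / CVE-2024-48647 (Sage FRP 1000, Sage 1000), where a URL parameter reached files outside the web tree. Both trust a path string without canonicalizing it. The validators below are an added example for this page, hypothetical helpers rather than the vendor's code; the roots (`C:\Sage\Data`, `/var/www/app`) and the sample inputs are constructed. The web-root check is lexical only; a real deployment should also resolve symlinks against the filesystem.

```python
"""Rejecting network (UNC) paths and confining URL paths to a web root (added example)."""
import posixpath
import re
from pathlib import PureWindowsPath
from urllib.parse import unquote

# Anything that names a remote host: \\host\share, //host/share, \\?\UNC\host\share,
# or a file: URL with a non-empty authority component.
_REMOTE_PATH = re.compile(r"^(\\\\|//|\\\\\?\\UNC\\|file://[^/])", re.IGNORECASE)


def is_remote_path(value: str) -> bool:
    """True for UNC/network paths that would make the server authenticate outbound."""
    return bool(_REMOTE_PATH.match(value.strip()))


def validate_local_windows_path(value: str, allowed_root: str) -> str:
    """Accept only an absolute, drive-qualified local path under allowed_root."""
    if is_remote_path(value):
        raise ValueError("UNC/network paths are not permitted")
    p = PureWindowsPath(value)
    if p.drive == "" or not p.is_absolute():
        raise ValueError("path must be absolute and drive-qualified")
    # pathlib does not collapse '..', so any remaining parent reference is rejected outright.
    if ".." in p.parts or not p.is_relative_to(PureWindowsPath(allowed_root)):
        raise ValueError("path escapes the allowed root")
    return str(p)


def resolve_web_path(url_param: str, web_root: str = "/var/www/app") -> str:
    """Map a URL path parameter onto a file under web_root, or raise."""
    decoded = unquote(unquote(url_param))  # handles %2e%2e and double-encoded %252e%252e
    if "\x00" in decoded or "\\" in decoded:
        raise ValueError("invalid characters in path")
    root = posixpath.normpath(web_root)
    full = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        raise ValueError("path escapes the web root")
    return full


def accepts(validator, *args) -> bool:
    """Convenience wrapper: True if the validator accepts the input."""
    try:
        validator(*args)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in [r"C:\Sage\Data\exports", r"\\10.0.0.5\share", r"C:\Sage\Data\..\..\Windows"]:
        print(candidate, "->", accepts(validate_local_windows_path, candidate, r"C:\Sage\Data"))
    for candidate in ["reports/q1.pdf", "..%2F..%2Fetc%2Fpasswd", "%252e%252e/etc/passwd"]:
        print(candidate, "->", accepts(resolve_web_path, candidate))
```

Rejecting UNC syntax is the minimum for an administrator-editable path; the advisory's attacker already has administrator rights in the application, so the control is there to stop the application server from being turned into an NTLM relay source, not to stop that user from doing their job.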
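CVE-2025-67806 and CVE-2025-67807 (Sage DPW) describe a login that answers differently for valid and invalid usernames. Two channels leak in that pattern: the message text, and the work done, since skipping the password hash for an unknown user is measurably faster. The added example below is not vendor code: it is a constructed toy user store with a leaky login beside one that returns a single generic message and always performs one PBKDF2 derivation, using a fixed dummy record for unknown users.

```python
"""Username-enumeration-resistant login versus the leaky variant (added example)."""
import hashlib
import hmac

ITERATIONS = 50_000  # low for the demo; use the current OWASP recommendation in production
GENERIC_FAILURE = "Invalid username or password."


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed user store: username -> (salt, derived key). Not real credentials.
_SALT_ALICE = bytes.fromhex("0f" * 16)
USERS = {"alice": (_SALT_ALICE, hash_password("correct horse", _SALT_ALICE))}

# Fixed dummy record so an unknown username costs exactly one derivation, like a known one.
_DUMMY_SALT = bytes.fromhex("a5" * 16)
_DUMMY_HASH = hash_password("dummy-record-never-a-valid-login", _DUMMY_SALT)


def leaky_login(username: str, password: str) -> tuple[bool, str]:
    """Vulnerable pattern: the branch on username existence is visible to the client."""
    if username not in USERS:
        return False, "Unknown user."  # no hash computed: also faster
    salt, stored = USERS[username]
    if hmac.compare_digest(hash_password(password, salt), stored):
        return True, "Welcome."
    return False, "Wrong password."


def login(username: str, password: str) -> tuple[bool, str]:
    """Hardened: same message and same amount of work whether or not the user exists."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    matched = hmac.compare_digest(hash_password(password, salt), stored)
    # The second condition guards against someone guessing the dummy password.
    if matched and username in USERS:
        return True, "Welcome."
    return False, GENERIC_FAILURE


if __name__ == "__main__":
    print(leaky_login("bob", "x"), leaky_login("alice", "x"))
    print(login("bob", "x"), login("alice", "x"), login("alice", "correct horse"))
```

Account lockout, registration and password-reset flows need the same treatment; a login page that is fixed while "forgot password" still says "no such user" has not closed the oracle.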
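CVE-2021-45492 (Sage 300) turns on a single fact: the installer put `C:\Sage\Sage300\Runtime` first in the system-wide PATH and left it writable by unprivileged users, so any executable or DLL resolved through PATH can be planted there and is found before the real one. The checker below is an added example for this page, not Sage tooling: it walks PATH in search order and reports writable entries together with their position. The writability probe defaults to `os.access`, which only reflects the current user's own rights; on Windows an audit of the "everyone else" case needs the ACL (`icacls` or `Get-Acl`), which is why the probe is injectable. The sample PATH in the test is constructed around the directory the advisory names.

```python
"""Find user-writable directories on PATH, in resolution order (added example)."""
import os
from typing import Callable


def _current_user_can_write(directory: str) -> bool:
    """Default probe: does the current process have write access to an existing directory?"""
    return os.path.isdir(directory) and os.access(directory, os.W_OK)


def hijackable_path_entries(
    path_value: str,
    writable: Callable[[str], bool] = _current_user_can_write,
    sep: str = os.pathsep,
) -> list[tuple[int, str]]:
    """Return (position, directory) for every PATH entry an attacker could write to.

    Position matters: lookup stops at the first match, so a writable entry at
    index 0 shadows every later directory, including the system ones.
    An empty entry is reported as well; it resolves to the current working directory.
    """
    findings: list[tuple[int, str]] = []
    for pos, entry in enumerate(path_value.split(sep)):
        if entry == "":
            findings.append((pos, "<empty entry: current directory>"))
        elif writable(entry):
            findings.append((pos, entry))
    return findings


def shadows_system_dirs(findings: list[tuple[int, str]], path_value: str, sep: str = os.pathsep) -> bool:
    """True if any writable entry precedes a system directory (Windows or POSIX naming)."""
    entries = [e.lower() for e in path_value.split(sep)]
    system_positions = [
        i for i, e in enumerate(entries)
        if e.endswith(("\\windows\\system32", "\\windows")) or e in ("/bin", "/usr/bin", "/sbin", "/usr/sbin")
    ]
    return any(pos < sp for pos, _ in findings for sp in system_positions)


if __name__ == "__main__":
    current = os.environ.get("PATH", "")
    found = hijackable_path_entries(current)
    for pos, directory in found:
        print(f"[{pos}] writable: {directory}")
    print("shadows system directories:", shadows_system_dirs(found, current))
```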