Lucene search
PRIOn knowledge basePRION:CVE-2020-7387HistoryJul 22, 2021 - 7:15 p.m.
Design/Logic Flaw
2021-07-2219:15:00
PRIOn knowledge base
www.prio-n.com
6
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor.
Related
cve
cve
CVE-2020-7387
2021-07-22 19:15:08
CVE-2020-7388
2021-07-22 19:15:08
cvelist
cvelist
zdt
zdt
prion
prion
Design/Logic Flaw
2021-07-22 19:15:00
nvd
nvd
CVE-2020-7387
2021-07-22 19:15:08
CVE-2020-7388
2021-07-22 19:15:08
attackerkb
attackerkb
CVE-2020-7388
2021-07-07 00:00:00
packetstorm
packetstorm
Sage X3 Administration Service Authentication Bypass / Command Execution
2021-07-21 00:00:00
rapid7blog
rapid7blog
CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities
2021-07-07 13:05:00
Metasploit Wrap-Up
2021-07-23 19:39:14
Rapid7 2021 Wrap-Up: Highlights From a Year of Empowering the Protectors
2022-01-05 18:52:41
thn
thn
Critical Flaws Reported in Sage X3 Enterprise Management Software
2021-07-08 11:26:00
threatpost
threatpost
Critical Sage X3 RCE Bug Allows Full System Takeovers
2021-07-07 18:34:24
metasploit
metasploit
Sage X3 Administration Service Authentication Bypass Command Execution
2021-07-21 01:07:08
Sage X3 AdxAdmin Login Scanner
2021-07-21 01:07:08
