CVE-2022-41400
CVSS V2 None
CVSS V3 None
Description
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.
Overview
- CVE ID
- CVE-2022-41400
- Assigner
- cve@mitre.org
- Vulnerability Status
- Received
- Published Version
- 2023-04-28T13:15:13
- Last Modified Date
- 2023-04-28T13:15:13
References
| Reference URL | Reference Tags |
|---|---|
| https://www.sage.com/en-ca/products/sage-300/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-41400 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41400 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-28 14:00:58 | Added to TrackCVE |