exploitDog

GHSA-r76m-38wv-wmv4

Опубликовано: 28 апр. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.

The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.

Ссылки

EPSS

Процентиль: 25%

0.00087

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-798

Связанные уязвимости

CVE-2022-41397

CVSS3: 9.8

nvd

почти 3 года назад

The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.

EPSS

Процентиль: 25%

0.00087

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-798