exploitDog

CVE-2023-2809

Опубликовано: 04 окт. 2023

Источник: nvd

CVSS3: 7.8

CVSS3: 9.8

EPSS Низкий

Описание

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sage:sage_200_spain:2023.38.001:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00149

Низкий

7.8 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-312

CWE-312

Связанные уязвимости

GHSA-3229-mfqx-wc57

CVSS3: 7.8

github

больше 2 лет назад

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.

EPSS

Процентиль: 36%

0.00149

Низкий

7.8 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-312

CWE-312