CVE-2020-7389
5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Summary
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sage | X3 | V9 < Syracuse 9.22.7.2 | affected |
| Sage | X3 | V11 < Syracuse 11.25.2.6 | affected |
| Sage | X3 | V12 < Syracuse 12.10.2.8 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.