📦 Sage 300

by Sage


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2022-41397

CRITICAL CVSS 9.8 Apr 28, 2023

Sage 300's optional Web Screens and Global Search features use a hard-coded encryption key ('LandlordPassKey') to protect sensitive data in configuration files and databases. This allows attackers who...

CVE-2022-41400

CRITICAL CVSS 9.8 Apr 28, 2023

Sage 300 uses a hard-coded encryption key to protect sensitive data like passwords and SQL connection strings. Attackers who gain access to the encrypted database files can decrypt this information. A...

CVE-2022-38583

HIGH CVSS 7.8 Apr 28, 2023

This vulnerability allows low-privileged Sage 300 workstation users to access and modify credentials stored in the SharedData folder on connected servers. Attackers can impersonate users and gain syst...

CVE-2022-41399

HIGH CVSS 7.5 Apr 28, 2023

Sage 300's optional Web Screens feature uses a hard-coded encryption key to protect database credentials, allowing attackers who can access the configuration file to decrypt and gain unauthorized acce...

CVE-2021-45492

HIGH CVSS 7.8 Jul 14, 2022

This vulnerability allows unprivileged users to escalate privileges to SYSTEM via DLL search-order hijacking in Sage 300 ERP. The installer places a writable directory in the system PATH, enabling att...