CVE-2020-7387

MEDIUM

Sage X3 AdxAdmin < 93.2.53 - Installation Path Disclosure via AdxDSrv.exe Response

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-7387. Includes Metasploit module exploits/windows/sage/x3_adxsrv_auth_bypass_cmd_exec.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass in Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM. It leverages CVE-2020-7387 (info leak) and CVE-2020-7388 (RCE) to write and execute payloads on the target system.

Description

Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fixed in AdxAdmin 93.2.53, which ships with updates for on-premises versions of Sage X3 Version 9 (components shipped with Syracuse 9.22.7.2 and later), Sage X3 HR & Payroll Version 9 (those components that ship with Syracuse 9.24.1.3), Version 11 (components shipped with Syracuse 11.25.2.6 and later), and Version 12 (components shipped with Syracuse 12.10.2.8 and later) of Sage X3. Other on-premises versions of Sage X3 are unsupported by the vendor.

Exploits (1)

metasploit WORKING POC GOOD

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/sage/x3_adxsrv_auth_bypass_cmd_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass in Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM. It leverages CVE-2020-7387 (info leak) and CVE-2020-7388 (RCE) to write and execute payloads on the target system.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sage X3 AdxSrv

No auth needed

Prerequisites: Network access to port 1818 · Sage X3 AdxAdmin service running

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Broken Link x_refsource_misc

https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed

Patch, Vendor Advisory x_refsource_confirm

https://www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patches

Exploit, Third Party Advisory

https://www.rapid7.com/blog/post/2021/07/07/cve-2020-7387-7390-multiple-sage-x3-vulnerabilities/

Scores

CVSS v3 5.3

EPSS 0.3579

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

sage/adxadmin < 93.2.53

Published Jul 22, 2021

Tracked Since Feb 18, 2026