Description
On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server.
References (2)
Core 2
Core References
Vendor Advisory
http://sage.com
Exploit, Third Party Advisory
https://www.controlgap.com/blog/sage-300-case-study
Scores
CVSS v3
7.8
EPSS
0.0027
EPSS Percentile
18.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-276
Status
published
Products (1)
sage/sage_300
2017 - 2022
Published
Apr 28, 2023
Tracked Since
Feb 18, 2026