Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production.
References
Link | Resource |
---|---|
https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed | Broken Link |
https://www.rapid7.com/blog/post/2021/07/07/cve-2020-7387-7390-multiple-sage-x3-vulnerabilities/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: rapid7
Published: 2021-07-07T00:00:00
Updated: 2021-07-22T18:27:15
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7389
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-22T19:15:08.517
Modified: 2022-07-15T17:51:46.770
Link: CVE-2020-7389
JSON object: View
Redhat Information
No data.