CVE-2022-41400

Published: Apr 28, 2023

Modified: Jan 30, 2025

PUBLISHED

Description

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.sage.com/en-ca/products/sage-300/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-41400

Description

Affected Products

References