CVE-2023-2809

EPSS 0.15%
Published 04.10.2023 11:15:10
Last modified 21.11.2024 07:59:19
Source cve-coordination@incibe.es
Teams watchlist Login
Open Login

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Sage ≫ Sage 200 Spain Version2023.38.001

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.366

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve-coordination@incibe.es	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.incibe.es/en/incibe-cert/notices/aviso/use-cleartext-credentials-sage-200

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-2809

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-2809

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-2809

EUVD