CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-7389

Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.064

EPSS Ranking 90.7%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 9.0

References

https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed
https://www.rapid7.com/blog/post/2021/07/07/cve-2020-7387-7390-multiple-sage-x3-vulnerabilities/
https://rapid7.com/blog/post/2021/07/07/sage-x3-multiple-vulnerabilities-fixed

Products affected by CVE-2020-7389

Sage » Syracuse » Version: 11.0

cpe:2.3:a:sage:syracuse:11.0
Sage » Syracuse » Version: 12.0

cpe:2.3:a:sage:syracuse:12.0
Sage » Syracuse » Version: 12.10.0

cpe:2.3:a:sage:syracuse:12.10.0
Sage » Syracuse » Version: 9.0

cpe:2.3:a:sage:syracuse:9.0
Sage » X3 » Version: 11.0

cpe:2.3:a:sage:x3:11.0
Sage » X3 » Version: 12.0

cpe:2.3:a:sage:x3:12.0
Sage » X3 » Version: 9.0

cpe:2.3:a:sage:x3:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7389

Products

Pricing

Contact Us