Sage.X3.Admin.Service.Remote.Command.Execution
Description
This indicates an attack attempt to exploit an Arbitrary File Upload Vulnerability in Sage X3.
The vulnerability is due to insufficient input validation while handling a crafted request. An remote attacker can exploit this vulnerability by sending a crafted packet to the target server. Results in the writing of an arbitrary code or data to the target server, potentially leading to the execution of arbitrary code.
Affected Products
Sage ADXADMIN before version 93.2.53
Sage X3 version 9.0
Sage X3 version 11.0
Sage X3 version 12.0
Sage X3 HR&Payroll version 9.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.sagecity.com/gb/sage-x3-uk/f/sage-x3-uk-announcements-news-and-alerts/147993/sage-x3-latest-patches
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |