cvedb.io
CVE-2022-41400
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2023-04-28T13:15:13.560 · Last modified 2026-06-17T05:03:08.470

Summary

Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.

Affected products

sage — sage_300

Does this affect you?

Add your gear to cvedb and we'll alert you only when sage ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.