Critical Sage X3 RCE Bug Allows Full System Takeovers

Four vulnerabilities afflict the popular Sage X3 enterprise resource planning (ERP) platform, researchers found – including one critical bug that rates 10 out of 10 on the CVSS vulnerability-severity scale. Two of the bugs could be chained together to allow complete system takeovers, with potential supply-chain ramifications, they said.

Sage X3 is targeted at mid-sized companies – particularly manufacturers and distributors – that are looking for all-in-one ERP functionality. The system manages sales, finance, inventory, purchasing, customer-relationship management and manufacturing in one integrated ERP software solution.

Read more…
Source: ThreatPost