Critical Sage X3 RCE Bug Allows Full System Takeovers
The Sage X3 enterprise resource planning (ERP) platform is affected by four vulnerabilities that could allow attackers to tamper with or sabotage victims' business-critical processes and to intercept data. One of the bugs rates a 10 out of 10 on the CVSS vulnerability-severity scale. Two of the bugs could be chained together to allow complete system takeovers, with supply-chain ramifications.
Sage X3 targets mid-sized companies, primarily manufacturers and distributors, that are looking for efficient ERP functionality. The Sage X3 system manages sales, finance, purchasing, customer relations, inventory, and manufacturing in a single solution. The most severe flaw is in the platform's remote administrator function; a successful attack could affect the supply chain in cases where the victim delivers functionality and manufacturing for other businesses.