
Juan González

#25822 of 53,635
9.8 Total CVSS
Vulnerabilities · 1
PT-2023-21549
9.8
2023-10-04
Sage · Sage 200 Spain · CVE-2023-2809
**Name of the Vulnerable Software and Affected Versions**

Sage 200 Spain version 2023.38.001

**Description**

The issue is plaintext credential usage, which could allow a remote attacker to extract SQL database credentials from the DLL application. Because the credentials are stored in plaintext, this could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems.

**Recommendations**

For Sage 200 Spain version 2023.38.001, consider updating to a newer version that addresses the plaintext credential usage vulnerability to prevent remote attackers from extracting SQL database credentials. As a temporary workaround, restrict access to the DLL application to minimize the risk of exploitation.