CVE-2022-41397

Name of the Vulnerable Software and Affected Versions Sage 300 versions through 2022

Description The issue concerns the use of a hard-coded 40-byte blowfish key, specifically LandlordPassKey, for encrypting and decrypting secrets stored in configuration files and database tables. This is related to the optional Web Screens and Global Search features.

Recommendations For Sage 300 versions through 2022, consider disabling the Web Screens and Global Search features until a patch is available to mitigate the risk associated with the hard-coded blowfish key. Restrict access to configuration files and database tables to minimize the risk of exploitation. Avoid using the LandlordPassKey for any encryption or decryption processes in the affected features.