Sage X3 software vulnerability detected and corrected
Cybersecurity company Rapid7 said on Wednesday it had found several security flaws in Sage X3 ERP software.
According to Rapid7, four security holes were discovered by company researchers. The first two were protocol-related issues involving the remote administration of Sage X3, and the last two were web application vulnerabilities.
Rapid7 recommends that you do not directly expose Sage X3 installations to the Internet, but make them available through a secure VPN connection if necessary. The company said this effectively mitigates all four vulnerabilities, although customers are still encouraged to update on their regular patch cycle schedules.
Sage has been made aware of the vulnerabilities and has taken immediate action to address them.
“Sage takes the security of its customer solutions very seriously and regularly undertakes proactive testing of its products to identify potential vulnerabilities and provide fixes,” a company spokesperson told Accounting Today. “We thank Rapid7 for recently reporting a vulnerability in our on-premises Sage X3 product. Sage and our partners have released a patch for the vulnerability, contacted all affected customers, and advised them on the rest of the process.”
Following recent cyber attacks on Colonial Pipeline and JBL, companies must be extra vigilant with their ERP software. Sage X3 is often used for supply chain management in medium to large organizations, which could make it a target for this particular type of cybercrime.
Sage will automatically apply the patch to Sage X3 customer environments as part of its standard maintenance. More information can be found here.