Four security vulnerabilities have been uncovered in Sage X3 enterprise resource planning product. Two of which could be chained together as part of an attack sequence to enable adversaries to execute malicious commands and take control of vulnerable systems. The vendor has since rolled out fixes in recent releases for the product that shipped in March. The most severe of the issues is CVE-2020-7388, which takes advantage of an administrative service accessible over the internet to craft malicious requests with the goal of running arbitrary commands on the server as the “NT AUTHORITY/SYSTEM” user.
Source: https://thehackernews.com/2021/07/critical-flaws-reported-in-sage-x3.html