Security vulnerabilities in the Sage X3 ERP platform could allow attackers to tamper with or sabotage victims business-critical processes and to intercept data. One bug rates 10 out of 10 on the CVSS vulnerability-severity scale. Two of the bugs could be chained together to allow complete system takeovers, with potential supply-chain ramifications, researchers said. The bug is in the remote administrator function of the platform, which is targeted at mid-sized companies particularly manufacturers and distributors that are looking for all-in-one ERP functionality.
Source: https://threatpost.com/critical-sage-x3-rce-bug-allows-full-system-takeovers/167612/