Sage DPW
cpe:2.3:a:sagedpw:sage_dpw:*:*:*:*:*:*:*
- < 2025_06_004
- < 2021_06_004
A vulnerability in Sage DPW version 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, which is disabled by default and not available in Sage DPW Cloud. The vulnerability exposes sensitive information such as database hashes and table names. This issue arises only in non-default, on-premise installations where the Database Monitor was manually enabled.
Exploitation of this vulnerability could lead to unauthorized access to sensitive database information, including user data such as email addresses, password hashes, salts, and metadata.
Users can update to Sage DPW version 2025_06_004, where this vulnerability has been fixed.