Security vulnerability plan for Redis

Question

Hi, 
 Which Sage 300 CRE will remediate below Redis vulnerability?

Redis: Incorrect Type Conversion or Cast (CVE-2018-12453)

Redis: Out-of-bounds Write (CVE-2020-14147)

Redis: Security Features (CVE-2016-10517)

Redis: Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2018-12326)

Redis: Out-of-bounds Write (CVE-2019-10192)

Redis: Out-of-bounds Write (CVE-2019-10193)

Redis: Out-of-bounds Read (CVE-2021-32761)

Erzsi_I · Answer

Hi Allan Chok , 
 Thank you for reaching out to us regarding your concerns about the Redis vulnerabilities in relation to Sage 300 CRE. We understand the importance of maintaining a secure system and are committed to providing support for such critical matters. 
 It's important to note that the security of our customer solutions is a top priority, and we undertake regular proactive testing across our products. As you're using Sage 300 CRE internationally, we recommend directly contacting your account manager or our support team for detailed guidance tailored to your version and specific use case. 
 In the meantime, if you haven't already, please ensure that you are on the latest version of the software , as upgrading often resolves known vulnerabilities. Here are some steps that may also help enhance your system's security: 
 
 Ensure all software and third-party components are up to date with the latest patches. 
 Follow the instructions for enabling additional Redis logging for Sage SQL Replicator provided in our knowledge base, as this could help in identifying and troubleshooting potential issues. 
 Consider reaching out to the Redis community or support channels for updates on patches or workarounds specifically for the CVEs you have listed. 
 
 If you need further assistance or have any other concerns, please do not hesitate to contact us. 
 Warm Regards, Erzsi

Sage Construction & Real Estate

Security vulnerability plan for Redis

COMMUNITY

COMPANY

PARTNERS

SUPPORT & TRAINING