safe X3 AdxAdmin process access

Hi 

The service will run with the LocalSystem account and, for security reasons, will be monitored.
We need to have a list of processes that the service can call or launch.
Does such a list exist?

Thanks

Yann

  • 0 in reply to chunheng

    Hi everyone,

    This is not a current known security risk. This was fixed in April 2021 from versions PU9 to V12 2020R1 with hotfixes.

    Any organization running X3 in a version less than 2022R4 isn't respecting Sage's support matrix and is taking a potential risk.

    Sage X3 or database services should never be directly exposed to the Internet. Use a proper exposure mechanism like a reverse proxy/load balancer, HTTPS and encryption.

    For strong security requirements, disabling adxadmin outside of maintenance operations is possible, but let's be clear: on an up-to-date X3 system, up-to-date OS, not directly exposed on the Internet, by the time an attacker uses adxadmin to hack your servers, your whole information system will be long gone. They will have used shared directories with loose access rights, permanent TeamViewer, LogMeIn or AnyDesk accesses, or things like that via users' laptops.

  • 0 in reply to chunheng

    It's not a current security risk.