Updates have been released that resolve these issues. These updates are reportedly available to registered customers through the vendor's support portal. Please see the referenced support page for more information.
SalesLogix slxweb.dll/view id Parameter SQL Injection
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
SalesLogix contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "id" variable in the slxweb.dll module is not verified properly and will allow an attacker to inject or manipulate SQL queries. Database table and field names may also be disclosed resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, SalesLogix has released a patch to address this vulnerability.