SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.
Updates have been released that resolve these issues. These updates are reportedly available to registered customers through the vendor's support portal. Please see the referenced support page for more information.
SalesLogix contains a flaw that may allow a malicious user to perform a man-in-the-middle attack. The issue is due to the server not authenticating the client before allowing the client's commands to be executed. The flaw may allow the attacker to render all client/server communications insecure and gain complete access to the server, resulting in a loss of confidentiality and integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, SalesLogix has released a patch to address this vulnerability.