Perhaps, you have been perplexed with the problem of whether to upgrade your current Sage SalesLogix version or not, or, perhaps, you are looking to acquire one of the new versions and would like more information on the latest version of SalesLogix. Whichever is the case, some of the reasons presented here such as most common errors and their consequences in older versions of Sage SalesLogix, call for an upgrade.
SLX v6 Error Types fixed in SLX v7
Error 1: A design error in the handling of user sessions
Consequences: Can be exploited to bypass the user authentication and log in as an arbitrary user without knowing the password by manipulating user information stored in a cookie.
Error 2: Input validation errors when processing invalid requests
Consequences: Can cause the request handling process to crash in "slxweb.dll" and return an error response disclosing the full path to the script.
Error 3: Input passed to the "id" parameter in "slxweb.dll/view" is not properly sanitized before being used in a SQL query.
Consequences: This error can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Error 4: Some sensitive system information is sent to the client
Consequences: Can be exploited to gain knowledge of username and password for the database.
Error 5: The SLX protocol used for communication between clients and servers does not protect against man-in-the-middle attacks.
Consequences: Can be exploited to gain knowledge of sensitive information.
Error 6: The server does not authenticate users when receiving incoming requests to port 1707/TCP
Consequences: This error can be exploited to pass arbitrary SLX commands to the server and disclose sensitive information.
Error 7: An input validation error in "ProcessQueueFile"
Consequences: Can be exploited to upload files to arbitrary locations via directory traversal attacks.
The vulnerabilities have been reported in version 6.1. Other versions may also be affected.
Besides the multitude of errors and bugs that are fixed in newer versions of Sage SalesLogix, you might want to consider upgrading your SalesLogix to achieve better functionality with Advanced Microsoft Outlook Integration, upgraded SQL support creating more flexible screens, better support for latest mobile devices and remote users as well as a higher level of security.
One of the pressing issues for upgrading is SalesLogix version retirement. Even thought QISYS SalesLogix still supports older versions of Sage SalesLogix, upgrading to newer versions has its benefits. To constantly improve and deliver innovative products, services and solutions for your business, older SalesLogix versions retire, meanwhile, new Sage CRM SalesLogix versions, bursting with new features, come into the market allowing your company to grow, progress and keep its competitive advantage.
Below is a brief outline of the various versions of SalesLogix and their respective retirement dates, for more information take a look at SalesLogix Upgrade or speak with QISYS SalesLogix directly.
| SalesLogix v6.0 |
December 1, 2005 |
May 1, 2006 |
| SalesLogix v5.2 |
January 1, 2006 |
January 1, 2007 |
| SalesLogix v6.1 |
March 1, 2006 |
March 1, 2007 |
Note: From Critical Fix Only Date until the Planned Retirement Date, Sage Software will provide updates only in the event of security and critical data loss issues. Contact QISYS SalesLogix if you need support for your version of SalesLogix.
Note: On the Planned Retirement Date, all maintenance will cease for that version and Sage Software will no longer provide updates of any kind and Customer Support will be discontinued, or very limited. Contact QISYS SalesLogix if you need support for your even officially unsupported by Sage version of SalesLogix.
Important: Sage SalesLogix v6.0 was retired as of May 1, 2006 . If you have not upgraded from v6.0 it is time to contact QISYS SalesLogix at (416) 253-5555 to find out what support is available for your current version or help with planning and executing an upgrade.
