CVE-2024-4996

Published Dec 18, 2024

Last updated 2 months ago

CVSS critical 9.3

Overview

Description: Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP installations. This issue affects Wapro ERP Desktop versions before 8.90.0.
Source: cvd@cert.pl
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:C/RE:M/U:Red
Severity: CRITICAL

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cvd@cert.pl: CWE-798
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-798

Hype score: Not currently trending

[CVE-2024-4996: CRITICAL] Hard-coded password in Wapro ERP Desktop versions before 8.90.0 puts sensitive data at risk. Attacker could access stored information easily.#cybersecurity,#vulnerability https://t.co/97Fa5jFTNr https://t.co/LXTipujWhT
@CveFindCom
18 Dec 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References