Marcin Ochab

**Name of the Vulnerable Software and Affected Versions** Comarch ERP XL versions 2020.2.2 through 2023.2 **Description** The Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication. This makes the communication vulnerable to data interception and modification. **Recommendations** For versions 2020.2.2 through 2023.2, consider updating to a version that is not affected by this issue, as the current version may allow for unencrypted communication due to the MS SQL protocol downgrade request vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Comarch ERP XL versions 2020.2.2 through 2023.2 **Description** The database access credentials configured during installation are stored in a special table and are encrypted with a shared key that is the same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords. **Recommendations** For versions 2020.2.2 through 2023.2, consider changing the database access credentials and the shared encryption key to prevent unauthorized access. As a temporary workaround, restrict access to the special table that stores the database access credentials to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Comarch ERP XL versions 2020.2.2 through 2023.2 **Description** The issue is related to the use of a hard-coded password for a special database account created during Comarch ERP XL installation. This allows an attacker to retrieve embedded sensitive data stored in the database. The password is the same among all Comarch ERP XL installations. **Recommendations** For Comarch ERP XL versions 2020.2.2 through 2023.2, consider changing the hard-coded password for the special database account to a unique and secure password to prevent unauthorized access to sensitive data. As a temporary workaround, restrict access to the database account until a secure password can be implemented.

**Name of the Vulnerable Software and Affected Versions** QNAP QTS versions prior to 4.1.4 build 0910 QNAP QTS versions 4.2.x prior to 4.2.0 RC2 build 0910 **Description** A directory traversal issue exists when AFP is enabled, allowing remote attackers to read or write to arbitrary files by leveraging access to an OS X user or guest account. **Recommendations** For QNAP QTS versions prior to 4.1.4 build 0910, update to version 4.1.4 build 0910 or later. For QNAP QTS versions 4.2.x prior to 4.2.0 RC2 build 0910, update to version 4.2.0 RC2 build 0910 or later. As a temporary workaround, consider disabling AFP until a patch is available.