PT-2020-20416 · Programi · Programi Bilanc

Georg Ph E Heise · Published 2020-12-19 · Updated 2020-12-22 · CVE-2020-8995

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Programi Bilanc Build 007 Release 014 31.01.2020

Description

Hardcoded credentials in a .exe file supplied by Programi Bilanc allow remote attackers to gain access to the complete infrastructure, including the website, update server, and external issue tracking tools. This access could potentially lead to significant security breaches.

Recommendations

For Programi Bilanc Build 007 Release 014 31.01.2020, consider removing or securely storing the hardcoded credentials in the .exe file to prevent unauthorized access. As a temporary workaround, restrict access to the servers and infrastructure that use these credentials until a secure update is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-8995

Affected Products

Programi Bilanc