PT-2024-26862

Published: 2024-05-24 · Updated: 2024-08-26 · CVE-2024-36049

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Aptos Wisal payroll accounting versions prior to 7.1.6

Description: The issue allows attackers in a machine-in-the-middle position to gain read and write access to personally identifiable information (PII) and payroll data. It also enables them to impersonate legitimate users with respect to the audit log. This is due to the use of hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server over an unencrypted connection.

Recommendations: For versions prior to 7.1.6, update to version 7.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the database server or using an encrypted connection to minimize the risk of exploitation.

Fix

Weakness Enumeration: Using Hardcoded Credentials

Related Identifiers: CVE-2024-36049

Affected Products: Aptos Wisal Payroll Accounting (Windows)