CVE-2024-4995

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Wapro ERP Desktop versions prior to 9.00.0

Description: The issue affects Wapro ERP Desktop, where it is vulnerable to MS SQL protocol downgrade requests from the server side. This could lead to unencrypted communication, making it vulnerable to data interception and modification.

Recommendations: For versions prior to 9.00.0, update to version 9.00.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of MS SQL protocol to minimize the risk of exploitation.

Fix

Missing Encryption of Sensitive Data

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-757CWE-311CWE-922

Related Identifiers

CVE-2024-4995

Affected Products

Mssql

CVE-2024-4995

Weakness Enumeration

Related Identifiers

Affected Products

References · 12