CVE-2023-4537
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification.
This issue affects ERP XL: from 2020.2.2 through 2023.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Comarch | ERP XL | 2020.2.2 <= 2023.2 | affected |
Weaknesses
- CWE-755: CWE-755 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.