CVE-2024-4995

Summary

Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0.

Affected Software

VendorProductVersion RangeStatus
Asseco Business Solutions S.A.Wapro ERP Desktop0 < 9.00.0affected

Weaknesses

  • CWE-757: CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References