CVE-2024-4995: Protocol Downgrade in Wapro ERP Desktop

9.1 CVSS

Description

Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication that is vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0.

Classification

CVE ID: CVE-2024-4995

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.1

Affected Products

Vendor: Asseco Business Solutions S.A.

Product: Wapro ERP Desktop

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-04 (when this score was calculated)

References

https://cert.pl/en/posts/2024/12/CVE-2024-4995/
https://cert.pl/posts/2024/12/CVE-2024-4995/
https://wapro.pl/

Timeline