CVE-2024-4996: Hardcoded Password in Wapro ERP Desktop

9.3 CVSS

Description

Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is the same across all Wapro ERP installations. This issue affects Wapro ERP Desktop versions before 8.90.0.

Classification

CVE ID: CVE-2024-4996

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.3

Affected Products

Vendor: Asseco Business Solutions S.A.

Product: Wapro ERP Desktop

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-04 (date this score was calculated)

References

https://cert.pl/en/posts/2024/12/CVE-2024-4995/
https://cert.pl/posts/2024/12/CVE-2024-4995/
https://wapro.pl/

Timeline