CVE-2024-4996

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Dec 18, 2024

CWE ID 476

Summary

CVE-2024-4996 is a vulnerability affecting Wapro ERP Desktop versions prior to 8.90.0. A hard-coded password for a database administrator account created during installation leaves these systems susceptible to unauthorized access. An attacker can exploit this issue by retrieving sensitive data stored in the database using this universal password. The password is consistent across all Wapro ERP installations, increasing the potential impact of a successful attack. Organizations using these ERP desktop versions are advised to apply the necessary patches or updates immediately to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ztKfvr
https://www.cve.org/CVERecord?id=CVE-2024-4996
https://nvd.nist.gov/vuln/detail/CVE-2024-4996

Back to Vulnerability Database

CVE-2024-4996

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations