{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4996", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2024-05-16T10:39:01.510Z", "datePublished": "2024-12-18T11:37:23.937Z", "dateUpdated": "2025-10-07T13:21:35.535Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wapro ERP Desktop", "vendor": "Asseco Business Solutions S.A.", "versions": [{"lessThan": "8.90.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-12-18T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of a hard-coded password for a database administrator account created during Wapro ERP&nbsp;installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP&nbsp;installations.&nbsp;<p>This issue affects Wapro ERP Desktop versions before 8.90.0.</p>"}], "value": "Use of a hard-coded password for a database administrator account created during Wapro ERP\u00a0installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP\u00a0installations.\u00a0This issue affects Wapro ERP Desktop versions before 8.90.0."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "IRRECOVERABLE", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:I/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-259", "description": "CWE-259 Use of Hard-coded Password", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-10-03T09:03:57.204Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/12/CVE-2024-4995/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/12/CVE-2024-4995/"}, {"tags": ["product"], "url": "https://wapro.pl/"}], "source": {"discovery": "EXTERNAL"}, "title": "Hardcoded Password in Wapro ERP Desktop", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-798", "lang": "en", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-12-18T14:45:51.568653Z", "id": "CVE-2024-4996", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-07T13:21:35.535Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-4996", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-18T14:45:51.568653Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-18T14:47:09.246Z"}}], "cna": {"title": "Hardcoded Password in Wapro ERP Desktop", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "IRRECOVERABLE", "baseScore": 9.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:I/V:C/RE:M/U:Red", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Asseco Business Solutions S.A.", "product": "Wapro ERP Desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "8.90.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-12-18T00:00:00.000Z", "references": [{"url": "https://cert.pl/en/posts/2024/12/CVE-2024-4995/", "tags": ["third-party-advisory"]}, {"url": "https://cert.pl/posts/2024/12/CVE-2024-4995/", "tags": ["third-party-advisory"]}, {"url": "https://wapro.pl/", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Use of a hard-coded password for a database administrator account created during Wapro ERP\u00a0installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP\u00a0installations.\u00a0This issue affects Wapro ERP Desktop versions before 8.90.0.", "supportingMedia": [{"type": "text/html", "value": "Use of a hard-coded password for a database administrator account created during Wapro ERP&nbsp;installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP&nbsp;installations.&nbsp;<p>This issue affects Wapro ERP Desktop versions before 8.90.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-259", "description": "CWE-259 Use of Hard-coded Password"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-10-03T09:03:57.204Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4996", "state": "PUBLISHED", "dateUpdated": "2025-10-07T13:21:35.535Z", "dateReserved": "2024-05-16T10:39:01.510Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2024-12-18T11:37:23.937Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use of a hard-coded password for a database administrator account created during Wapro ERP\u00a0installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP\u00a0installations.\u00a0This issue affects Wapro ERP Desktop versions before 8.90.0."}, {"lang": "es", "value": "El uso de una contrase\u00f1a codificada para una cuenta de administrador de base de datos creada durante la instalaci\u00f3n de Wapro ERP permite a un atacante recuperar datos confidenciales integrados almacenados en la base de datos. La contrase\u00f1a es la misma en todas las instalaciones de Wapro ERP. Este problema afecta a las versiones de escritorio de Wapro ERP anteriores a la 8.90.0."}], "id": "CVE-2024-4996", "lastModified": "2025-10-03T09:15:35.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "IRRECOVERABLE", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:I/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-12-18T12:15:10.120", "references": [{"source": "[email protected]", "url": "https://cert.pl/en/posts/2024/12/CVE-2024-4995/"}, {"source": "[email protected]", "url": "https://cert.pl/posts/2024/12/CVE-2024-4995/"}, {"source": "[email protected]", "url": "https://wapro.pl/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-259"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}