CVE-2023-4537

HIGH

Comarch ERP XL <2023.2 - Info Disclosure

Title source: llm

Description

Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2.

References (3)

[Broken Link] https://cert.pl/posts/2023/02/CVE-2023-4537/

[Third Party Advisory] https://cert.pl/en/posts/2024/02/CVE-2023-4537/

[Third Party Advisory] https://cert.pl/posts/2024/02/CVE-2023-4537/

Scores

CVSS v3 7.4

EPSS 0.0011

EPSS Percentile 29.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-755

Status published

Products (1)

comarch/erp_xl 2020.2.2 - 2023.2

Published Feb 15, 2024

Tracked Since Feb 18, 2026