Description
Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0.
Scores
CVSS v3
9.8
EPSS
0.0019
EPSS Percentile
40.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-757
CWE-922
Status
published
Products (1)
Asseco Business Solutions S.A./Wapro ERP Desktop
< 9.00.0
Published
Dec 18, 2024
Tracked Since
Feb 18, 2026