7.5

CVE-2023-4539

EPSS 0.08%
Veröffentlicht 15.02.2024 09:15:33
Zuletzt bearbeitet 23.01.2025 17:16:43
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

Use of a hard-coded password for a special database account created during Comarch ERP XL installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Comarch ERP XL installations. 

This issue affects ERP XL: from 2020.2.2 through 2023.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Comarch ≫ Erp Xl Version >= 2020.2.2 <= 2023.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.245

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvd@cert.pl	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://cert.pl/en/posts/2024/02/CVE-2023-4537/

Third Party Advisory

https://cert.pl/posts/2024/02/CVE-2023-4537/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4539

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4539

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4539

EUVD