Vulnerability Details : CVE-2023-4537
The Comarch ERP XL client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication that is vulnerable to data interception and modification.
This issue affects ERP XL: from 2020.2.2 through 2023.2.
Exploit prediction scoring system (EPSS) score for CVE-2023-4537
- 0.08%: probability of exploitation activity in the next 30 days
- ~25%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4537
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.2 | 5.2 | CERT.PL | 2024-02-15 |
CWE ids for CVE-2023-4537
- The product does not encrypt sensitive or critical information before storage or transmission. Assigned by: cvd@cert.pl (Secondary)
- The product does not handle or incorrectly handles an exceptional condition. Assigned by: cvd@cert.pl (Secondary)
References for CVE-2023-4537
- https://cert.pl/posts/2023/02/CVE-2023-4537/
  Page not found | CERT Polska
- https://cert.pl/en/posts/2024/02/CVE-2023-4537/
  Vulnerabilities in Comarch ERP XL software | CERT Polska
- https://cert.pl/posts/2024/02/CVE-2023-4537/
  Vulnerabilities in Comarch ERP XL software | CERT Polska