CVE-2022-41157 HIGH

CVE-2022-41157: ERP solution Remote Code Execution Vulnerability

Vendor Webcash Co.,Ltd
Product sERP Server 2.0
Weakness CWE-798 · Hardcoded credentials
Published November 25, 2022
Last update April 24, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.

Key dates

02Disclosure timeline

November 25, 2022 CVE published
April 24, 2025 Record updated