CVE-2024-4995 CRITICAL

CVE-2024-4995: Protocol Downgrade in Wapro ERP Desktop

Vendor Asseco Business Solutions S.A.
Product Wapro ERP Desktop
Weakness CWE-757
Published December 18, 2024
Last update October 7, 2025

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01 Description

Wapro ERP Desktop is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication that is vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0.

Key dates

02 Disclosure timeline

December 18, 2024 CVE published
October 7, 2025 Record updated