CVE-2024-4996 CRITICAL

CVE-2024-4996: Hardcoded Password in Wapro ERP Desktop

Vendor: Asseco Business Solutions S.A.
Product: Wapro ERP Desktop
Weakness: CWE-259
Published: December 18, 2024
Last update: October 7, 2025

CVSS base score

9.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/R:I/V:C/RE:M/U:Red

What the vulnerability does

01 Description

Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is the same across all Wapro ERP installations. This issue affects Wapro ERP Desktop versions before 8.90.0.

Key dates

02 Disclosure timeline

December 18, 2024: CVE published
October 7, 2025: Record updated