What is CVE-2024-4995?

CVE-2024-4995 is a vulnerability in Asseco Business Solutions S.a. Wapro Erp Desktop, classified under CWE-757. Published 2024-12-18.

Is CVE-2024-4995 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Asseco Business Solutions S.a. Wapro Erp Desktop

CVE-2024-4995

Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before…

EPSS: 0.003 (49.8th percentile) — read the EPSS interpretation.

Affected products

Asseco Business Solutions S.a. Wapro Erp Desktop — versions 0

Weakness classification (CWE)

CWE-757

Public proof-of-concept exploits

References

cert.pl/en/posts/2024/12/CVE-2024-4995/ (third-party-advisory)
cert.pl/posts/2024/12/CVE-2024-4995/ (third-party-advisory)
wapro.pl/ (product)

Frequently asked questions

What is CVE-2024-4995?: CVE-2024-4995 is a vulnerability in Asseco Business Solutions S.a. Wapro Erp Desktop, classified under CWE-757. Published 2024-12-18.
Is CVE-2024-4995 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.