VYPR
Unrated severityNVD Advisory· Published Feb 15, 2024· Updated Aug 29, 2024

Shared Key in Comarch ERP XL

CVE-2023-4538

Description

The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords.

This issue affects ERP XL: from 2020.2.2 through 2023.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Comarch/ERP XLllm-fuzzy2 versions
    >=2020.2.2, <=2023.2+ 1 more
    • (no CPE)range: >=2020.2.2, <=2023.2
    • (no CPE)range: 2020.2.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.