Report an incident
Back
  • About us
  • News
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Projects
n6 Artemis MWDB
CVD program
CVD policy Advisories

Vulnerabilities in Comarch ERP XL software
15 February 2024 | CERT Polska | #vulnerability, #warning, #cve, #top
CVE ID CVE-2023-4537
Publication date 15 February 2024
Vendor Comarch SA
Product Comarch ERP XL
Vulnerable versions From 2020.2.2 through 2023.2
Vulnerability type (CWE) Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') (CWE-757)
Report source Report to CERT Polska
CVE ID CVE-2023-4538
Publication date 15 February 2024
Vendor Comarch SA
Product Comarch ERP XL
Vulnerable versions From 2020.2.2 through 2023.2
Vulnerability type (CWE) Insufficiently Protected Credentials (CWE-522)
Report source Report to CERT Polska
CVE ID CVE-2023-4539
Publication date 15 February 2024
Vendor Comarch SA
Product Comarch ERP XL
Vulnerable versions From 2020.2.2 through 2023.2
Vulnerability type (CWE) Use of Hard-coded Password (CWE-259)
Report source Report to CERT Polska

Description

CERT Polska has received a report about vulnerabilities found in Comarch ERP XL software and participated in coordination of their disclosure. All the vulnerabilities have been confirmed by the vendor and fixed in newer releases.

  • The vulnerability CVE-2023-4537 allows to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication exposed to data interception and modification.
  • The vulnerability CVE-2023-4538 is insufficiently protected credentials. The database access credentials configured during installation are stored in a special table, and are encrypted with a shared key, same among all vulnerable Comarch ERP XL installations. This could allow an attacker with access to that table to retrieve plain text passwords.
  • The vulnerability CVE-2023-4539 allows an attacker to retrieve embedded sensitive data stored in the database. The same, hard-coded password for a special database account is used among all vulnerable Comarch ERP XL installations.

Credits

We thank Marcin Ochab, PhD for the responsible vulnerability report.

More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.