CVE-2023-4538 Information

Description

The database access credentials configured during installation are stored in a special table and are encrypted with a shared key same among all Comarch ERP XL client installations. This could allow an attacker with access to that table to retrieve plain text passwords.

This issue affects ERP XL: from 2020.2.2 through 2023.2.

Reference

https://cert.pl/en/posts/2024/02/CVE-2023-4537/ https://cert.pl/posts/2024/02/CVE-2023-4537/