CVE-2024-36049

Published: May 24, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-007/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-36049

Description

Affected Products

References