Skip to main content

Erp Optima

2 CVEs product

Monthly

CVE-2025-68420 HIGH PATCH This Week

Memory dump attacks against Comarch ERP Optima client expose hardcoded high-privilege database credentials, allowing local attackers with process control to bypass application-level access controls and gain direct database access with elevated privileges. Exploitation requires a configured client installation but no user login, creating persistent risk on shared workstations. CERT-PL publicly disclosed this credential management flaw (CWE-266) with patch available in version 2026.4, though no active exploitation or public POC has been confirmed.

Information Disclosure Erp Optima
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-68421 HIGH PATCH This Week

Hard-coded database credentials in Comarch ERP Optima client allow remote attackers on adjacent networks to access the backend database with elevated privileges and execute system commands on the server. The immutable credentials enable authentication bypass without requiring any user interaction or existing privileges. Fixed in version 2026.4, reported by CERT-PL. No public exploit or KEV listing identified at time of analysis, though the straightforward nature of credential-based attacks (CVSS:4.0 AV:A/AC:L/PR:N) suggests high exploitability for attackers with local network access.

Authentication Bypass Erp Optima
NVD
CVSS 4.0
8.7
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Memory dump attacks against Comarch ERP Optima client expose hardcoded high-privilege database credentials, allowing local attackers with process control to bypass application-level access controls and gain direct database access with elevated privileges. Exploitation requires a configured client installation but no user login, creating persistent risk on shared workstations. CERT-PL publicly disclosed this credential management flaw (CWE-266) with patch available in version 2026.4, though no active exploitation or public POC has been confirmed.

Information Disclosure Erp Optima
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Hard-coded database credentials in Comarch ERP Optima client allow remote attackers on adjacent networks to access the backend database with elevated privileges and execute system commands on the server. The immutable credentials enable authentication bypass without requiring any user interaction or existing privileges. Fixed in version 2026.4, reported by CERT-PL. No public exploit or KEV listing identified at time of analysis, though the straightforward nature of credential-based attacks (CVSS:4.0 AV:A/AC:L/PR:N) suggests high exploitability for attackers with local network access.

Authentication Bypass Erp Optima
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy