Comarch ERP Optima Incorrect Privilege Assignment Vulnerability Allowing Privileged Database Access

Vulnerability

A vulnerability exists in Comarch ERP Optima clients prior to version 2026.4: the application connects to the database using a high-privileged account, regardless of the user's application account. This flaw allows a local attacker controlling the client process to dump memory, extract database credentials, and gain privileged access to the database. Exploitation requires that the client application has been configured, but the user does not need to be logged in.

Impact

Exploitation of this vulnerability allows local attackers to access the database with elevated privileges, potentially leading to unauthorized data manipulation or access.

Remediation

Users can upgrade to Comarch ERP Optima version 2026.4 or later to address this vulnerability.

Added: May 14, 2026, 11:22 AM
Updated: May 14, 2026, 11:22 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 8.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.