[Apiiro] dynatraceable · Critical Risk

**Discovered on:** Aug 25, 2025 11:58      

**Finding details**    
**Finding name:** IIS app pool creditservice Pool    
**Severity:** Medium    
**Sources:** Dynatrace      

**About this vulnerability**    
**Description:** Affected versions of this package are vulnerable to Unprotected Storage of Credentials. An attacker can steal authentication credentials intended for the database server by performing an adversary-in-the-middle attack between the SQL client and the SQL server, even if the connection is established over an encrypted channel like TLS.    
**Identifiers:**    
    - [CVE-2024-0056](https://nvd.nist.gov/vuln/detail/CVE-2024-0056)      

**CVSS v3.1.0:** 7.5    
**Exploit maturity:** No exploit maturity data      

**Affected assets**    
**Dependency:** System.Data.SqlClient: 4.8.3      

[View in Apiiro](http://localhost:5081/risks?trigger=fff0fc58b2205d022b4492af2155e4bf)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Apiiro] dynatraceable · Critical Risk #4

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Apiiro] dynatraceable · Critical Risk #4

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions