CVE-2024-57726

Critical CVSS: 9.9

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Vendor

Simple-help

Product

Simplehelp

CWE

NVD-CWE-noinfo

Yayın Tarihi

2025-01-15 23:15:09

Güncelleme

2025-01-31 21:15:11

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

NVD-CWE-noinfo Simplehelp CRITICAL Simple-help 2025

Referanslar

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/

Benzer Kayıtlar

High

CVE-2025-36727

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: befo…

Medium

CVE-2025-36728

Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.

High

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enabl…

High

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file s…