CVE-2024-8774

216.73.216.233

· Published 24/03/2025 13:15 · Modified 24/03/2025 13:15

Labels: CVE-2024-8774 2025-03-24 CVE-2024-8774 CWE-257 [email protected]

Essential information

Published: 24/03/2025 13:15
Modified: 24/03/2025 13:15
Author: —
Creator: —
CVSS: 7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the vulnerability. Versions 6.20 and 6.25 remain unpatched.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
simple.erp / simple.erp	`cpe:2.3:a:simple.erp:simple.erp:6.20:::::::*`
simple.erp / simple.erp	`cpe:2.3:a:simple.erp:simple.erp:6.25:::::::*`
simple.erp / simple.erp	`cpe:2.3:a:simple.erp:simple.erp:6.30:a03.9::::::`