CVE-2024-8774
Description
The SIMPLE.ERP client stores the superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to database administrator. This issue affects SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the vulnerability. Versions 6.20 and 6.25 remain unpatched.
Related Vulnerabilities
NetSupport Manager < 14.12.0001 relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The …
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A …
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update …
The Unitronics Vision Standard line of controllers allows the Information Mode password to be retrieved without authentication.
A security vulnerability in HCL Compass can allow an attacker to gain unauthorized database access.