CVE-2024-8774

Summary

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator.

This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch 6.30@a03.9, which removed the vulnerability. Versions 6.20 and 6.25 remain unpatched.

Affected Software

VendorProductVersion RangeStatus
Simple SASIMPLE.ERP6.20 < 6.30@a03.9affected

Weaknesses

  • CWE-257: CWE-257: Storing Passwords in a Recoverable Format

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References