CVE-2024-8774

HIGH Year: 2024
Weakness Type
CWE-257
View all →

Vulnerability Description

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the vulnerability. Versions 6.20 and 6.25 remain unpatched.

Related Vulnerabilities

CVE-2022-32519

CRITICAL
CVSS:9.8(Critical)

A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Prod...

CWE-2572022

CVE-2022-34838

HIGH
CVSS:8.4(High)

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once ...

CWE-2572022

CVE-2019-3736

HIGH
CVSS:8.2(High)

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potent...

CWE-2572019

CVE-2023-38738

HIGH
CVSS:8.1(High)

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in a OpenPages environment using Native authentication. If OpenPages is using Native authentication an attacker with a...

CWE-2572023

CVE-2017-9942

HIGH
CVSS:7.8(High)

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to po...

CWE-2572017

CVE-2022-22251

HIGH
CVSS:7.8(High)

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-...

CWE-2572022