NVD disclosure day

Published threat advisories for January 15, 2025

CVE advisory | Known Exploit

CVE-2024-57728

SimpleHelp Remote Support: Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in SimpleHelp remote support software allows administrative users to upload arbitrary files, potentially leading to unauthorized code execution. This could compromise affected systems, impacting business operations and data. Organizations should identify vulnerable assets, reduce exposure, and apply ven

• CISA KEV

CVE advisory | Known Exploit

CVE-2024-57727

SimpleHelp: Path Traversal Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Path traversal vulnerabilities in SimpleHelp remote support software allow unauthenticated attackers to download arbitrary files, including configuration details and user credentials. This poses a risk of data exposure and system compromise for affected organizations.

• CISA KEV

CVE advisory | Known Exploit

CVE-2024-57726

SimpleHelp: Privilege Escalation via API Keys

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in SimpleHelp remote support software allows low-privilege technicians to create API keys with excessive permissions, potentially leading to server administrator control. This could impact system integrity and data confidentiality. Organizations using affected versions should address this vulnerability.

• CISA KEV