SimpleHelpPatching for Windows Mac Linux
CVE Vulnerabilities for Remote Access
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2024‑57728 | 2025‑01‑15 23:15:10 | HIGH (7) | SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. | 1 | 6 | NETWORK |
| CVE‑2024‑57727 | 2025‑01‑15 23:15:10 | HIGH (8) | SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords. | 4 | 4 | NETWORK |
| CVE‑2024‑57726 | 2025‑01‑15 23:15:10 | CRITICAL (10) | SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. | 3 | 6 | NETWORK |
What applications does Lavawall® monitor?
Lavawall monitors patches for over 7,500 applications. This is a summary of the most popular applications.Click here for the full list.
Click the applications below for the current version and known vulnerabilities.
Logos are property of their respective trademark holders and are not affiliated with ThreeShield or Lavawall. We have not audited the security of most of the listed tools.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.