Описание
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
Ссылки
- Release Notes
- Third Party Advisory
- US Government Resource
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
9.1 Critical
CVSS3
Дефекты
Связанные уязвимости
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
Уязвимость программного обеспечения для удаленной поддержки SimpleHelp, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
7.5 High
CVSS3
9.1 Critical
CVSS3