Exposures › CVE-2024-57726
SimpleHelp allows low-privileged technicians to create API keys with server admin privileges, enabling privilege escalation.
This missing authorization flaw lets unprivileged users bypass role restrictions to gain full server admin access, creating a critical supply-chain risk for DIB vendors relying on SimpleHelp's API infrastructure. Organizations must audit all API key generation workflows and enforce strict role-based access controls to prevent unauthorized privilege escalation.
Shame score — A critical privilege escalation vulnerability that allows low-privileged users to bypass authorization checks and gain server admin access represents a severe security failure.
SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
No correlated FedRAMP products.