simple-help 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥、vendor risk csrf, and vendor risk file inclusion があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き and vendor impact unauthorized access などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-36728 | Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11. | [email protected] | 6.3 | 0.17% | 2025-07-25 | 2026-06-17 |
| CVE-2025-36727 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12. | [email protected] | 8.3 | 0.41% | 2025-07-25 | 2026-06-17 |
| CVE-2024-57728 KEV | SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. | [email protected] | 7.2 | 7.55% | 2025-01-15 | 2026-06-17 |
| CVE-2024-57727 KEV | SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords. | [email protected] | 7.5 | 95.07% | 2025-01-15 | 2026-06-17 |
| CVE-2024-57726 KEV | SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. | [email protected] | 9.9 | 9.33% | 2025-01-15 | 2026-06-17 |