What is CVE-2024-8773?

CVE-2024-8773 is a vulnerability in Simple Sa Simple.erp, classified under CWE-757. Published 2025-03-24.

Is CVE-2024-8773 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Simple Sa Simple.erp

CVE-2024-8773

SIMPLE.ERP client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affect SIMPLE.ERP from 6.20 to 6.30. Onl…

EPSS: 0.002 (37.7th percentile) — read the EPSS interpretation.

Affected products

Simple Sa Simple.erp — versions 6.20

Weakness classification (CWE)

CWE-757

Public proof-of-concept exploits

defragmentator/mitmsqlproxy

References

cert.pl/en/posts/2025/03/CVE-2024-8773/ (third-party-advisory)
cert.pl/posts/2025/03/CVE-2024-8773/ (third-party-advisory)
simple.com.pl/produkty/simple-erp/dla-kogo/ (product)

Frequently asked questions

What is CVE-2024-8773?: CVE-2024-8773 is a vulnerability in Simple Sa Simple.erp, classified under CWE-757. Published 2025-03-24.
Is CVE-2024-8773 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.