Lucene search
CISACISA-KEV-CVE-2024-6670HistorySep 16, 2024 - 12:00 a.m.
Progress WhatsUp Gold SQL Injection Vulnerability
2024-09-1600:00:00
CISA
www.cisa.gov
1
progress whatsup gold
sql injection
vulnerability
unauthorized access
encrypted passwords
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.4
Confidence
Low
EPSS
0.956
Percentile
99.5%
Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user’s encrypted password if the application is configured with only a single user.
Related
nvd
nvd
CVE-2024-6670
2024-08-29 22:15:05
cve
cve
CVE-2024-6670
2024-08-29 22:15:05
cvelist
cvelist
vulnrichment
vulnrichment
githubexploit
githubexploit
Exploit for SQL Injection in Progress Whatsup Gold
2024-08-30 17:13:14
attackerkb
attackerkb
CVE-2024-6670
2024-08-29 00:00:00
trendmicroblog
trendmicroblog
Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
2024-09-12 00:00:00
nessus
nessus
Progress WhatsUp Gold < 24.0.0 Multiple Vulnerabilities (000263015)
2024-08-27 00:00:00
thn
thn
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.4
Confidence
Low
EPSS
0.956
Percentile
99.5%
Related for CISA-KEV-CVE-2024-6670