Lucene search
ProgressSoftwareCVELIST:CVE-2024-6670HistoryAug 29, 2024 - 10:04 p.m.
CVE-2024-6670 WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability
2024-08-2922:04:41
CWE-89
ProgressSoftware
www.cve.org
4
whatsup gold
sql injection
authentication bypass
vulnerability
versions before 2024.0.0
unauthenticated attacker
encrypted password
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.956
Percentile
99.5%
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"API Endpoint"
],
"platforms": [
"Windows"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2024.0.0",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
]Related
nvd
nvd
CVE-2024-6670
2024-08-29 22:15:05
cve
cve
CVE-2024-6670
2024-08-29 22:15:05
cisa_kev
cisa_kev
Progress WhatsUp Gold SQL Injection Vulnerability
2024-09-16 00:00:00
vulnrichment
vulnrichment
githubexploit
githubexploit
Exploit for SQL Injection in Progress Whatsup Gold
2024-08-30 17:13:14
attackerkb
attackerkb
CVE-2024-6670
2024-08-29 00:00:00
trendmicroblog
trendmicroblog
Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
2024-09-12 00:00:00
nessus
nessus
Progress WhatsUp Gold < 24.0.0 Multiple Vulnerabilities (000263015)
2024-08-27 00:00:00
thn
thn
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.956
Percentile
99.5%
Related for CVELIST:CVE-2024-6670