Lucene search
ProgressSoftwareCVELIST:CVE-2024-6671HistoryAug 29, 2024 - 10:06 p.m.
CVE-2024-6671 WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability
2024-08-2922:06:19
CWE-89
ProgressSoftware
www.cve.org
5
whatsup gold
authentication bypass
sql injection
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
39.7%
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"API Endpoint"
],
"platforms": [
"Windows"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2024.0.0",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
cve
cve
CVE-2024-6671
2024-08-29 22:15:05
nvd
nvd
CVE-2024-6671
2024-08-29 22:15:05
trendmicroblog
trendmicroblog
Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
2024-09-12 00:00:00
nessus
nessus
Progress WhatsUp Gold < 24.0.0 Multiple Vulnerabilities (000263015)
2024-08-27 00:00:00
thn
thn
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
39.7%
Related for CVELIST:CVE-2024-6671