Lucene search
HistoryAug 29, 2024 - 10:15 p.m.
CVE-2024-6670
whatsup gold
sql injection
vulnerability
unauthenticated attacker
encrypted password
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.956
Percentile
99.5%
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
Affected configurations
Node
progresswhatsup_goldRange<24.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| progress | whatsup_gold | * | cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2024-6670
2024-08-29 22:15:05
cvelist
cvelist
cisa_kev
cisa_kev
Progress WhatsUp Gold SQL Injection Vulnerability
2024-09-16 00:00:00
vulnrichment
vulnrichment
githubexploit
githubexploit
Exploit for SQL Injection in Progress Whatsup Gold
2024-08-30 17:13:14
attackerkb
attackerkb
CVE-2024-6670
2024-08-29 00:00:00
trendmicroblog
trendmicroblog
Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
2024-09-12 00:00:00
nessus
nessus
Progress WhatsUp Gold < 24.0.0 Multiple Vulnerabilities (000263015)
2024-08-27 00:00:00
thn
thn
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.956
Percentile
99.5%
Related for NVD:CVE-2024-6670