3 matches found
CVE-2024-6671
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password...
Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671...
CVE-2024-6671
WhatsUp Gold (Progress) is affected in versions released before 2024.0.0 where, in single-user configurations, an unauthenticated attacker can perform SQL injection to retrieve encrypted user passwords (authentication bypass risk). The connected Nuclei template confirms the vulnerability as a SQL...