CVE-2023-6368

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.
Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

History

16 Oct 2024, 15:15

Type Values Removed Values Added
Summary (en) In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold. (en) In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.
CWE CWE-862

19 Dec 2023, 17:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
References () https://www.progress.com/network-monitoring - () https://www.progress.com/network-monitoring - Product
References () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 - () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 - Vendor Advisory
CPE cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
CWE CWE-306

14 Dec 2023, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-14 16:15

Updated : 2024-10-16 15:15


NVD link : CVE-2023-6368

Mitre link : CVE-2023-6368

CVE.ORG link : CVE-2023-6368


JSON object : View

Products Affected

progress

  • whatsup_gold
CWE
CWE-306

Missing Authentication for Critical Function