In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.
References
Link | Resource |
---|---|
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 | Vendor Advisory |
https://www.progress.com/network-monitoring | Product |
Configurations
History
16 Oct 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold. | |
CWE |
19 Dec 2023, 17:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | () https://www.progress.com/network-monitoring - Product | |
References | () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 - Vendor Advisory | |
CPE | cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:* | |
CWE | CWE-306 |
14 Dec 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-14 16:15
Updated : 2024-10-16 15:15
NVD link : CVE-2023-6368
Mitre link : CVE-2023-6368
CVE.ORG link : CVE-2023-6368
JSON object : View
Products Affected
progress
- whatsup_gold
CWE
CWE-306
Missing Authentication for Critical Function