CVE-2023-6368

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.
Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

History

16 Oct 2024, 15:15

Type Values Removed Values Added
CWE CWE-862
Summary (en) In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold. (en) In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.

19 Dec 2023, 17:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE CWE-306
References () https://www.progress.com/network-monitoring - () https://www.progress.com/network-monitoring - Product
References () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 - () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 - Vendor Advisory
CPE cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

14 Dec 2023, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-14 16:15

Updated : 2024-10-16 15:15


NVD link : CVE-2023-6368

Mitre link : CVE-2023-6368

CVE.ORG link : CVE-2023-6368


JSON object : View

Products Affected

progress

  • whatsup_gold
CWE
CWE-306

Missing Authentication for Critical Function