CVE-2023-6595

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

History

16 Oct 2024, 15:15

Type Values Removed Values Added
Summary (en) In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold. (en) In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
CWE CWE-862

19 Dec 2023, 17:51

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
References () https://www.progress.com/network-monitoring - () https://www.progress.com/network-monitoring - Product
References () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 - () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 - Vendor Advisory
CWE CWE-306

14 Dec 2023, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-14 16:15

Updated : 2024-10-16 15:15


NVD link : CVE-2023-6595

Mitre link : CVE-2023-6595

CVE.ORG link : CVE-2023-6595


JSON object : View

Products Affected

progress

  • whatsup_gold
CWE
CWE-306

Missing Authentication for Critical Function