In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
References
Link | Resource |
---|---|
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 | Vendor Advisory |
https://www.progress.com/network-monitoring | Product |
Configurations
History
16 Oct 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold. | |
CWE |
19 Dec 2023, 17:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:* | |
References | () https://www.progress.com/network-monitoring - Product | |
References | () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 - Vendor Advisory | |
CWE | CWE-306 |
14 Dec 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-14 16:15
Updated : 2024-10-16 15:15
NVD link : CVE-2023-6595
Mitre link : CVE-2023-6595
CVE.ORG link : CVE-2023-6595
JSON object : View
Products Affected
progress
- whatsup_gold
CWE
CWE-306
Missing Authentication for Critical Function