CVE-2024-6671

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

History

04 Sep 2024, 15:53

Type Values Removed Values Added
First Time Progress
Progress whatsup Gold
References () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024 - () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024 - Vendor Advisory
References () https://www.progress.com/network-monitoring - () https://www.progress.com/network-monitoring - Product
Summary
  • (es) En las versiones de WhatsUp Gold lanzadas antes de 2024.0.0, si la aplicación está configurada con un solo usuario, una vulnerabilidad de inyección SQL permite que un atacante no autenticado recupere la contraseña cifrada del usuario.
CPE cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

29 Aug 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-29 22:15

Updated : 2024-09-04 15:53


NVD link : CVE-2024-6671

Mitre link : CVE-2024-6671

CVE.ORG link : CVE-2024-6671


JSON object : View

Products Affected

progress

  • whatsup_gold
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')