CVE-2024-6672

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.
Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

History

04 Sep 2024, 14:23

Type Values Removed Values Added
References () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024 - () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024 - Vendor Advisory
References () https://www.progress.com/network-monitoring - () https://www.progress.com/network-monitoring - Product
Summary
  • (es) En las versiones de WhatsUp Gold lanzadas antes de 2024.0.0, una vulnerabilidad de inyección SQL permite que un atacante autenticado con pocos privilegios logre una escalada de privilegios modificando la contraseña de un usuario privilegiado.
First Time Progress
Progress whatsup Gold
CPE cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

29 Aug 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-29 22:15

Updated : 2024-09-04 14:23


NVD link : CVE-2024-6672

Mitre link : CVE-2024-6672

CVE.ORG link : CVE-2024-6672


JSON object : View

Products Affected

progress

  • whatsup_gold
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')