CVE-2023-6368
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Progress Software Corporation | WhatsUp Gold | 2023.0 < 2023.1 | affected |
| Progress Software Corporation | WhatsUp Gold | 2022.0 <= 2022.1 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
ADP Enrichment
CVE Program Container
Additional References
- https://www.progress.com/network-monitoring
- https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
References
- https://www.progress.com/network-monitoring
- https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.