CVE-2023-6595

Summary

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.

Affected Software

VendorProductVersion RangeStatus
Progress Software CorporationWhatsUp Gold2023.0 < 2023.1affected
Progress Software CorporationWhatsUp Gold2022.0 <= 2022.1affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

References