← volver
CVE-2023-6368

WhatsUp Gold Unauthenticated Access to an API Endpoint

CVSS 5.9 MEDIUMEPSS 0.6%CWE-306
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Progress Software Corporation · WhatsUp Gold

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023https://www.progress.com/network-monitoring