← volver
CVE-2023-6595

WhatsUp Gold Unauthenticated Access to an API Endpoint

CVSS 7.5 HIGHEPSS 0.8%CWE-306
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Progress Software Corporation · WhatsUp Gold

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023https://www.progress.com/network-monitoring