We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-6670

WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability



Description

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

Reserved 2024-07-10 | Published 2024-08-29 | Updated 2024-09-16 | Assigner ProgressSoftware


CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Date added 2024-09-16 | Due date 2024-10-07

Known Ransomware Campaign(s)

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status
affected

2023.1.0 before 2024.0.0
affected

Credits

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative finder

References

www.progress.com/network-monitoring product

community.progress.com/...Gold-Security-Bulletin-August-2024 vendor-advisory

cve.org (CVE-2024-6670)

nvd.nist.gov (CVE-2024-6670)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-6670

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.