CVE-2024-6670

CISA Known Exploited Vulnerability (KEV)

Progress WhatsUp Gold SQL Injection Vulnerability

September 16, 2024

October 7, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password.

Weakness Enumeration

CWE-ID CWE Name

CWE-89
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

Details

Source:
NVD
Published:
Updated:

Risk information

CVSS v3

Base score:
9.8
Severity:
CRITICAL

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined