CVE-2023-6595: WhatsUp Gold Unauthenticated Access to an API Endpoint
First published: Thu Dec 14 2023(Updated: )
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
Credit: security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress WhatsUp Gold | <23.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/title
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/progress
- canonical/progress whatsup gold