CVE-2023-6595: WhatsUp Gold Unauthenticated Access to an API Endpoint
First published: Thu Dec 14 2023(Updated: )
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
Credit: security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress Software WhatsUp Gold | <23.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6595?
CVE-2023-6595 has been assessed as a high severity vulnerability due to the potential for unauthenticated access to sensitive credential information.
How do I fix CVE-2023-6595?
To mitigate CVE-2023-6595, upgrade WhatsUp Gold to version 2023.1 or later where the authentication mechanism was implemented for the affected API endpoint.
What versions of WhatsUp Gold are affected by CVE-2023-6595?
CVE-2023-6595 affects all versions of WhatsUp Gold released before 2023.1.
Can an attacker exploit CVE-2023-6595 remotely?
Yes, an unauthenticated attacker can remotely exploit CVE-2023-6595 to enumerate credential information.
What kind of information can be exposed by CVE-2023-6595?
CVE-2023-6595 allows unauthorized access to ancillary credential information stored within WhatsUp Gold.
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/severity
- agent/title
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/progress
- canonical/progress software whatsup gold