VDB
CVE-2024-6671
CVE-2024-6671
PUBLISHED
CVSS 9.800000190734863 CRITICAL
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
EPSS 76.18% · 98.9th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
76.18%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| progress | whatsupgold | 2023.1.0, 2023.1.0 |
| progress | whatsup_gold | 23.1.0, 23.1.0, 23.1.0 |
| Progress Software Corporation | WhatsUp Gold | 2023.1.0, 2023.1.0 |
Timeline
- Mar 8, 2022 CrowdSec Sighting
- Dec 9, 2022 CrowdSec Sighting
- Dec 11, 2022 CrowdSec Sighting
- Dec 11, 2022 CrowdSec Sighting
- Dec 11, 2022 CrowdSec Sighting
- Dec 11, 2022 CrowdSec Sighting
- Dec 11, 2022 CrowdSec Sighting
- Dec 18, 2022 CrowdSec Sighting
- Dec 23, 2022 CrowdSec Sighting
- Dec 23, 2022 CrowdSec Sighting
- Dec 24, 2022 CrowdSec Sighting
- Dec 26, 2022 CrowdSec Sighting