VDB

CVE-2024-6671

CVE-2024-6671 PUBLISHED CVSS 9.800000190734863 CRITICAL

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

EPSS 76.18% · 98.9th percentile

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
76.18%
98.9th percentile

Affected Products

VendorProductVersions
progresswhatsupgold2023.1.0, 2023.1.0
progresswhatsup_gold23.1.0, 23.1.0, 23.1.0
Progress Software CorporationWhatsUp Gold2023.1.0, 2023.1.0

Timeline

  • Mar 8, 2022 CrowdSec Sighting
  • Dec 9, 2022 CrowdSec Sighting
  • Dec 11, 2022 CrowdSec Sighting
  • Dec 11, 2022 CrowdSec Sighting
  • Dec 11, 2022 CrowdSec Sighting
  • Dec 11, 2022 CrowdSec Sighting
  • Dec 11, 2022 CrowdSec Sighting
  • Dec 18, 2022 CrowdSec Sighting
  • Dec 23, 2022 CrowdSec Sighting
  • Dec 23, 2022 CrowdSec Sighting
  • Dec 24, 2022 CrowdSec Sighting
  • Dec 26, 2022 CrowdSec Sighting
Open in Interactive Console →
$ Console Community · 100/wk Open console ›