CVE-2024-12108

WhatsUp Gold - Public API signing key rotation issue

CVSS 9.6 CRITICAL | EPSS 6.8% | CWE-290

In short

WhatsUp Gold versions before 2024.0.2 have a flaw in how they manage signing keys for their public API, allowing attackers to gain unauthorized access to the server. This is critical because it bypasses authentication protections.

Technical detail

The vulnerability stems from improper handling of API signing key rotation in WhatsUp Gold prior to version 2024.0.2. An attacker can exploit this to forge or bypass API authentication mechanisms, gaining unauthorized access to the server. The attack vector is network-based through the public API interface without requiring prior credentials.

Summary generated and translated by AI from the official description.
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
