CVE-2023-6368

WhatsUp Gold Unauthenticated Access to an API Endpoint

CVSS 5.9 MEDIUMEPSS 0.6%CWE-306

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.9EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

14 dic 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

Progress Software Corporation · WhatsUp Gold

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 https://www.progress.com/network-monitoring