Unauthorized Access via Public API in WhatsUp Gold
CVE-2024-12108
9.6 CRITICAL
Summary
In versions of WhatsUp Gold released before 2024.0.2, a security flaw allows unauthorized access to the WhatsUp Gold server through its public API. Attackers can exploit this access to potentially execute unauthorized actions within the application. Users of WhatsUp Gold should address this issue by updating to the latest version and implementing best practices for API security.
Affected Version(s)
WhatsUp Gold Windows 2023.1.0
CVSS V3.1
Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database
Credit
Mike Barber, Software Architect at Progress Software