Missing Authentication Vulnerability in WhatsUp Gold Could Lead to Windows Credentials Disclosure
CVE-2024-5012

8.6HIGH

Key Information:

Vendor: Progress Software
Status: Whatsup Gold
Vendor: CVE Published:; 25 June 2024

Summary

In WhatsUp Gold versions prior to 2023.1.3, an authentication vulnerability exists within the WUGDataAccess.Credentials component. This issue allows unauthenticated attackers to access and disclose sensitive Windows Credentials that are stored in the product's Credential Library. Organizations using affected versions of WhatsUp Gold should take immediate measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

WhatsUp Gold Windows 2023.1.0

References

https://www.progress.com/network-monitoring

product

https://community.progress.com/s/article/WhatsUp-Gold-Sec...

vendor-advisory

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
May 16, 2024

Collectors

NVD DatabaseMitre Database

Credit

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative