www.cve.org
3.165.206.74  Public Scan

URL: https://www.cve.org/CVERecord?id=CVE-2024-6670
Submission: On September 17 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content


CVE-2024-6670

PUBLISHED


REQUIRED CVE RECORD INFORMATION


CNA: PROGRESS SOFTWARE CORPORATION

Published: 2024-08-29
Updated: 2024-08-29

Title: WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability

DESCRIPTION

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability
allows an unauthenticated attacker to retrieve the user's encrypted password.

CWE 1 TOTAL

 * CWE-89: Improper Neutralization of Special Elements used in an SQL
   Command ('SQL Injection')

CVSS 1 TOTAL

Score: 9.8
Severity: CRITICAL
Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

PRODUCT STATUS

Vendor: Progress Software Corporation
Product: WhatsUp Gold
Platforms: Windows

Versions 1 Total

Default Status: affected

 * affected from 2023.1.0 before 2024.0.0


CREDITS

 * Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with
   Trend Micro Zero Day Initiative (finder)

REFERENCES

 * https://www.progress.com/network-monitoring (product)
 * https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
   (vendor-advisory)


AUTHORIZED DATA PUBLISHERS


CISA-ADP

Use of the CVE® List and the associated references from this website are subject
to the terms of use. CVE is sponsored by the U.S. Department of Homeland
Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
Copyright © 1999-2024, The MITRE Corporation. CVE and the CVE logo are
registered trademarks of The MITRE Corporation.