CVE-2023-6595

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ProgressSoftwareCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
progresswhatsup_gold
𝑥
< 23.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
https://www.progress.com/network-monitoring
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
https://www.progress.com/network-monitoring