exploitDog

CVE-2023-6368

Опубликовано: 14 дек. 2023

Источник: nvd

CVSS3: 5.9

CVSS3: 5.3

EPSS Низкий

Описание

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.

Ссылки

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
Vendor Advisory
https://www.progress.com/network-monitoring
Product
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
Vendor Advisory
https://www.progress.com/network-monitoring
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

Версия до 23.1.0 (исключая)

EPSS

Процентиль: 5%

0.00022

Низкий

5.9 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-306

CWE-306

Связанные уязвимости

GHSA-cf4w-jr22-49m6

CVSS3: 5.9

github

около 2 лет назад

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.

EPSS

Процентиль: 5%

0.00022

Низкий

5.9 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-306

CWE-306