exploitDog

CVE-2023-6595

Опубликовано: 14 дек. 2023

Источник: nvd

CVSS3: 7.5

CVSS3: 5.3

EPSS Низкий

Описание

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.

Ссылки

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
Vendor Advisory
https://www.progress.com/network-monitoring
Product
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
Vendor Advisory
https://www.progress.com/network-monitoring
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

Версия до 23.1.0 (исключая)

EPSS

Процентиль: 55%

0.00331

Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-306

CWE-306

Связанные уязвимости

GHSA-2jqj-w7h9-j4g2

CVSS3: 7.5

github

около 2 лет назад

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.

EPSS

Процентиль: 55%

0.00331

Низкий

7.5 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-306

CWE-306