Home

Description

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.

PUBLISHED Reserved 2024-12-03 | Published 2024-12-31 | Updated 2025-01-04 | Assigner ProgressSoftware




CRITICAL: 9.6CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE-290 Authentication Bypass by Spoofing

Product status

Default status
affected

2023.1.0 (semver) before 2024.0.2
affected

Credits

Mike Barber, Software Architect at Progress Software finder

References

www.progress.com/network-monitoring

cve.org (CVE-2024-12108)

nvd.nist.gov (CVE-2024-12108)

Download JSON