// For flags

CVE-2023-6595

WhatsUp Gold Unauthenticated Access to an API Endpoint

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.

En las versiones de WhatsUp Gold lanzadas antes de 2023.1, se descubrió que a un endpoint de API le faltaba un mecanismo de autenticación. Es posible que un atacante no autenticado enumere información de credenciales auxiliares almacenada en WhatsUp Gold.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-12-07 CVE Reserved
  • 2023-12-14 CVE Published
  • 2023-12-20 EPSS Updated
  • 2024-03-02 First Exploit
  • 2024-10-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-306: Missing Authentication for Critical Function
  • CWE-862: Missing Authorization
CAPEC
  • CAPEC-113: Interface Manipulation
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Progress
Search vendor "Progress"
 Whatsup Gold
Search vendor "Progress" for product "Whatsup Gold"
 < 23.1.0
Search vendor "Progress" for product "Whatsup Gold" and version " < 23.1.0"
-
Affected