CVE-2024-6670

CriticalKnown ExploitedRansomware

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users…

ProgressSoftware·CWE-89·Published 2024-08-29

CVSS

9.8

EPSS

0.95

KEV

Yes

Exploits

Vendor statements (1)

community.progress.com

cve.orgen

157 chars

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

NVDes

179 chars

En las versiones de WhatsUp Gold lanzadas antes de 2024.0.0, una vulnerabilidad de inyección SQL permite que un atacante no autenticado recupere la contraseña cifrada del usuario.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H