CVE-2024-6670: WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability

9.8 CVSS

Description

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

Classification

CVE ID: CVE-2024-6670

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: Progress Software Corporation

Product: WhatsUp Gold

Nuclei Template

http/cves/2024/CVE-2024-6670.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 90.42% (probability of being exploited)

EPSS Percentile: 99.11% (scored less or equal to compared to others)

EPSS Date: 2025-02-25 (when was this score calculated)

References

https://www.progress.com/network-monitoring
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024

Timeline

2025-01-28 00:30:48 UTC
CVE

WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability