CVE-2024-12108

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.1 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.progress.com/network-monitoring	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

06 Jan 2025, 16:51

Type	Values Removed	Values Added
References	~~() https://www.progress.com/network-monitoring -~~	() https://www.progress.com/network-monitoring - Product
First Time		Microsoft Progress Microsoft windows Progress whatsup Gold
Summary		(es) En las versiones de WhatsUp Gold lanzadas antes de 2024.0.2, un atacante puede obtener acceso al servidor de WhatsUp Gold a través de la API pública.
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:progress:whatsup_gold::::::::

31 Dec 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-31 11:15

Updated : 2025-01-06 16:51

NVD link : CVE-2024-12108

Mitre link : CVE-2024-12108

CVE.ORG link : CVE-2024-12108

JSON object : View

Products Affected

progress

whatsup_gold

microsoft

windows

CWE

CWE-290

Authentication Bypass by Spoofing

{"id": "CVE-2024-12108", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@progress.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 3.1}]}, "published": "2024-12-31T11:15:06.780", "references": [{"url": "https://www.progress.com/network-monitoring", "tags": ["Product"], "source": "security@progress.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@progress.com", "description": [{"lang": "en", "value": "CWE-290"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API."}, {"lang": "es", "value": "En las versiones de WhatsUp Gold lanzadas antes de 2024.0.2, un atacante puede obtener acceso al servidor de WhatsUp Gold a trav\u00e9s de la API p\u00fablica."}], "lastModified": "2025-01-06T16:51:11.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED8E39FD-B945-4AD4-8342-F9D4DA15D802", "versionEndExcluding": "24.0.2", "versionStartIncluding": "23.1.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@progress.com"}