CVE-2024-46907

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
Configurations

Configuration 1

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

History

10 Dec 2024, 18:23

Type | Values Removed | Values Added
References | () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 - | () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 - Vendor Advisory
References | () https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html - | () https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html - Release Notes
References | () https://www.progress.com/network-monitoring - | () https://www.progress.com/network-monitoring - Product
First Time | | Progress; Progress whatsup Gold
CPE | | cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
Summary | | (es) In WhatsUp Gold versions released before 2024.0.1, a SQL injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.

02 Dec 2024, 15:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-12-02 15:15

Updated : 2024-12-10 18:23


NVD link : CVE-2024-46907

Mitre link : CVE-2024-46907

CVE.ORG link : CVE-2024-46907



Products Affected

progress

  • whatsup_gold
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')