CVE-2024-46908

{"id": "CVE-2024-46908", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@progress.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-12-02T15:15:11.967", "references": [{"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024", "tags": ["Vendor Advisory"], "source": "security@progress.com"}, {"url": "https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html", "tags": ["Release Notes"], "source": "security@progress.com"}, {"url": "https://www.progress.com/network-monitoring", "tags": ["Product"], "source": "security@progress.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@progress.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required)\n\n to achieve privilege escalation to the admin account."}, {"lang": "es", "value": "En las versiones de WhatsUp Gold publicadas antes de 2024.0.1, una vulnerabilidad de inyecci\u00f3n SQL permite que un usuario autenticado con pocos privilegios (al menos los permisos de Visor de informes requeridos) logre una escalada de privilegios a la cuenta de administrador."}], "lastModified": "2024-12-10T18:23:09.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07BDB617-53DC-4C9B-BE7B-79A393F1A9C2", "versionEndExcluding": "24.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@progress.com"}