CVE-2023-6368

medium

Description

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.

References

https://www.progress.com/network-monitoring

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023

Details

Source: Mitre, NVD

Published: 2023-12-14

Updated: 2023-12-19

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N