{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6672", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2024-07-10T19:45:29.346Z", "datePublished": "2024-08-29T22:07:13.727Z", "dateUpdated": "2024-08-30T13:45:45.129Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["API Endpoint"], "platforms": ["Windows"], "product": "WhatsUp Gold", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "2024.0.0", "status": "affected", "version": "2023.1.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password."}], "value": "In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-08-29T22:07:13.727Z"}, "references": [{"tags": ["product"], "url": "https://www.progress.com/network-monitoring"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024"}], "source": {"discovery": "UNKNOWN"}, "title": "WhatsUp Gold getMonitorJoin SQL Injection Privilege Escalation Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "progress", "product": "whatsupgold", "cpes": ["cpe:2.3:a:progress:whatsupgold:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "2023.1.0", "status": "affected", "lessThan": "2024.0.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T13:44:33.392630Z", "id": "CVE-2024-6672", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T13:45:45.129Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6672", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-30T13:44:33.392630Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:progress:whatsupgold:*:*:*:*:*:*:*:*"], "vendor": "progress", "product": "whatsupgold", "versions": [{"status": "affected", "version": "2023.1.0", "lessThan": "2024.0.0", "versionType": "semver"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T13:45:29.131Z"}}], "cna": {"title": "WhatsUp Gold getMonitorJoin SQL Injection Privilege Escalation Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Progress Software Corporation", "modules": ["API Endpoint"], "product": "WhatsUp Gold", "versions": [{"status": "affected", "version": "2023.1.0", "lessThan": "2024.0.0", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "affected"}], "references": [{"url": "https://www.progress.com/network-monitoring", "tags": ["product"]}, {"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.", "supportingMedia": [{"type": "text/html", "value": "In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-08-29T22:07:13.727Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6672", "state": "PUBLISHED", "dateUpdated": "2024-08-30T13:45:45.129Z", "dateReserved": "2024-07-10T19:45:29.346Z", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "datePublished": "2024-08-29T22:07:13.727Z", "assignerShortName": "ProgressSoftware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*", "matchCriteriaId": "F88DF254-746E-41F3-A2CA-0DC0B5C49837", "versionEndExcluding": "24.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password."}, {"lang": "es", "value": "En las versiones de WhatsUp Gold lanzadas antes de 2024.0.0, una vulnerabilidad de inyecci\u00f3n SQL permite que un atacante autenticado con pocos privilegios logre una escalada de privilegios modificando la contrase\u00f1a de un usuario privilegiado."}], "id": "CVE-2024-6672", "lastModified": "2024-09-04T14:23:58.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@progress.com", "type": "Secondary"}]}, "published": "2024-08-29T22:15:05.953", "references": [{"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024"}, {"source": "security@progress.com", "tags": ["Product"], "url": "https://www.progress.com/network-monitoring"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@progress.com", "type": "Secondary"}]}

{}

{}