Progress WhatsUp Gold SQL Injection Vulnerability

Added Sept. 16, 2024 • Due Oct. 7, 2024 • CVE-2024-6670

Overdue Progress / WhatsUp Gold Known Ransomware Use CWE-89

Description

Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
https://nvd.nist.gov/vuln/detail/CVE-2024-6670

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 9 months, 3 weeks ago