nvd-json-data-feeds/CVE-2024/CVE-2024-66xx/CVE-2024-6671.json

{
  "id": "CVE-2024-6671",
  "sourceIdentifier": "security@progress.com",
  "published": "2024-08-29T22:15:05.767",
  "lastModified": "2024-08-30T13:00:05.390",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password."
    },
    {
      "lang": "es",
      "value": "En las versiones de WhatsUp Gold lanzadas antes de 2024.0.0, si la aplicaci\u00f3n est\u00e1 configurada con un solo usuario, una vulnerabilidad de inyecci\u00f3n SQL permite que un atacante no autenticado recupere la contrase\u00f1a cifrada del usuario."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@progress.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@progress.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024",
      "source": "security@progress.com"
    },
    {
      "url": "https://www.progress.com/network-monitoring",
      "source": "security@progress.com"
    }
  ]
}
Auto-Update: 2024-08-29T23:55:17.430150+00:00 2024-08-29 23:58:13 +00:00			`{`
			`"id": "CVE-2024-6671",`
			`"sourceIdentifier": "security@progress.com",`
			`"published": "2024-08-29T22:15:05.767",`
Auto-Update: 2024-08-30T14:00:18.315797+00:00 2024-08-30 14:03:14 +00:00			`"lastModified": "2024-08-30T13:00:05.390",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-08-29T23:55:17.430150+00:00 2024-08-29 23:58:13 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password."`
Auto-Update: 2024-08-30T14:00:18.315797+00:00 2024-08-30 14:03:14 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "En las versiones de WhatsUp Gold lanzadas antes de 2024.0.0, si la aplicaci\u00f3n est\u00e1 configurada con un solo usuario, una vulnerabilidad de inyecci\u00f3n SQL permite que un atacante no autenticado recupere la contrase\u00f1a cifrada del usuario."`
Auto-Update: 2024-08-29T23:55:17.430150+00:00 2024-08-29 23:58:13 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "security@progress.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 9.8,`
			`"baseSeverity": "CRITICAL"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 5.9`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "security@progress.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-89"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024",`
			`"source": "security@progress.com"`
			`},`
			`{`
			`"url": "https://www.progress.com/network-monitoring",`
			`"source": "security@progress.com"`
			`}`
			`]`
			`}`