{"cve_id":"CVE-2024-6670","summary":"In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.94468,"ranking_epss":0.99996,"kev":true,"propose_action":"Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.","ransomware_campaign":"Known","references":["https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024","https://www.progress.com/network-monitoring","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6670"],"published_time":"2024-08-29T22:15:05","cpes":["cpe:2.3:a:progress:whatsup_gold:-","cpe:2.3:a:progress:whatsup_gold:11","cpe:2.3:a:progress:whatsup_gold:15.02","cpe:2.3:a:progress:whatsup_gold:16.3","cpe:2.3:a:progress:whatsup_gold:16.4","cpe:2.3:a:progress:whatsup_gold:17.1.1","cpe:2.3:a:progress:whatsup_gold:18.0","cpe:2.3:a:progress:whatsup_gold:21.1.0","cpe:2.3:a:progress:whatsup_gold:21.1.1","cpe:2.3:a:progress:whatsup_gold:21.1.2","cpe:2.3:a:progress:whatsup_gold:22.0.0","cpe:2.3:a:progress:whatsup_gold:22.0.1","cpe:2.3:a:progress:whatsup_gold:22.0.2","cpe:2.3:a:progress:whatsup_gold:22.1.0","cpe:2.3:a:progress:whatsup_gold:23.0.0","cpe:2.3:a:progress:whatsup_gold:23.0.1","cpe:2.3:a:progress:whatsup_gold:23.0.2","cpe:2.3:a:progress:whatsup_gold:23.1.0","cpe:2.3:a:progress:whatsup_gold:23.1.1","cpe:2.3:a:progress:whatsup_gold:23.1.2","cpe:2.3:a:progress:whatsup_gold:23.1.3","cpe:2.3:a:progress:whatsup_gold:7.0","cpe:2.3:a:progress:whatsup_gold:7.03","cpe:2.3:a:progress:whatsup_gold:7.04","cpe:2.3:a:progress:whatsup_gold:8.0","cpe:2.3:a:progress:whatsup_gold:8.01","cpe:2.3:a:progress:whatsup_gold:8.03"]}