Vulnerabilities > Progress > Whatsup Gold > 23.1.3

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-6670 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
 9.8
9.8
2024-08-29 CVE-2024-6671 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
 9.8
9.8
2024-08-29 CVE-2024-6672 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.
network
low complexity
progress CWE-89
8.8
8.8