{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-6595","assignerOrgId":"f9fea0b6-671e-4eea-8fde-31911902ae05","state":"PUBLISHED","assignerShortName":"ProgressSoftware","dateReserved":"2023-12-07T20:21:13.167Z","datePublished":"2023-12-14T16:06:11.767Z","dateUpdated":"2024-10-16T14:37:37.331Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","modules":["API Endpoint"],"product":"WhatsUp Gold","vendor":"Progress Software Corporation","versions":[{"lessThan":"2023.1","status":"affected","version":"2023.0","versionType":"semver"},{"lessThanOrEqual":"2022.1","status":"affected","version":"2022.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.<br><br>"}],"value":"In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold."}],"impacts":[{"capecId":"CAPEC-113","descriptions":[{"lang":"en","value":"CAPEC-113 API Manipulation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-306","description":"CWE-306 Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f9fea0b6-671e-4eea-8fde-31911902ae05","shortName":"ProgressSoftware","dateUpdated":"2024-10-16T14:37:37.331Z"},"references":[{"tags":["product"],"url":"https://www.progress.com/network-monitoring"},{"tags":["vendor-advisory"],"url":"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023"}],"source":{"discovery":"UNKNOWN"},"title":"WhatsUp Gold Unauthenticated Access to an API Endpoint","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:35:14.645Z"},"title":"CVE Program Container","references":[{"tags":["product","x_transferred"],"url":"https://www.progress.com/network-monitoring"},{"tags":["vendor-advisory","x_transferred"],"url":"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023"}]}]}}