CVE-2024-7763 (GCVE-0-2024-7763)
Vulnerability from cvelistv5 – Published: 2024-10-24 20:11 – Updated: 2024-10-29 03:55
VLAI?
Title
WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability
Summary
In WhatsUp Gold versions released before 2024.0.0,
an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.
Severity ?
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | WhatsUp Gold |
Affected:
2023.1.0 , < 2024.0.0
(semver)
|
Credits
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:progress:whatsup_gold:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "whatsup_gold",
"vendor": "progress",
"versions": [
{
"lessThan": "2024.0.0",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T03:55:09.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"API Endpoint"
],
"platforms": [
"Windows"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2024.0.0",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In WhatsUp Gold versions released before 2024.0.0,\u0026nbsp;\n\n\u003cspan style=\"background-color: rgba(161, 189, 217, 0.08);\"\u003ean Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "In WhatsUp Gold versions released before 2024.0.0,\u00a0\n\nan Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T20:11:50.614Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://www.progress.com/network-monitoring"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-7763",
"datePublished": "2024-10-24T20:11:50.614Z",
"dateReserved": "2024-08-13T18:22:43.153Z",
"dateUpdated": "2024-10-29T03:55:09.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"24.0\", \"matchCriteriaId\": \"F88DF254-746E-41F3-A2CA-0DC0B5C49837\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In WhatsUp Gold versions released before 2024.0.0,\\u00a0\\n\\nan Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.\"}, {\"lang\": \"es\", \"value\": \"En las versiones de WhatsUp Gold lanzadas antes de 2024.0.0, existe un problema de omisi\\u00f3n de autenticaci\\u00f3n que permite a un atacante obtener credenciales de usuario cifradas.\"}]",
"id": "CVE-2024-7763",
"lastModified": "2024-10-30T14:13:45.763",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@progress.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-10-24T21:15:15.033",
"references": "[{\"url\": \"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024\", \"source\": \"security@progress.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.progress.com/network-monitoring\", \"source\": \"security@progress.com\", \"tags\": [\"Product\"]}]",
"sourceIdentifier": "security@progress.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security@progress.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-7763\",\"sourceIdentifier\":\"security@progress.com\",\"published\":\"2024-10-24T21:15:15.033\",\"lastModified\":\"2024-10-30T14:13:45.763\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In WhatsUp Gold versions released before 2024.0.0,\u00a0\\n\\nan Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.\"},{\"lang\":\"es\",\"value\":\"En las versiones de WhatsUp Gold lanzadas antes de 2024.0.0, existe un problema de omisi\u00f3n de autenticaci\u00f3n que permite a un atacante obtener credenciales de usuario cifradas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.0\",\"matchCriteriaId\":\"F88DF254-746E-41F3-A2CA-0DC0B5C49837\"}]}]}],\"references\":[{\"url\":\"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024\",\"source\":\"security@progress.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.progress.com/network-monitoring\",\"source\":\"security@progress.com\",\"tags\":[\"Product\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7763\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-25T15:35:59.957934Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:progress:whatsup_gold:-:*:*:*:*:*:*:*\"], \"vendor\": \"progress\", \"product\": \"whatsup_gold\", \"versions\": [{\"status\": \"affected\", \"version\": \"2023.1.0\", \"lessThan\": \"2024.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-25T15:38:20.031Z\"}}], \"cna\": {\"title\": \"WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative\"}], \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Progress Software Corporation\", \"modules\": [\"API Endpoint\"], \"product\": \"WhatsUp Gold\", \"versions\": [{\"status\": \"affected\", \"version\": \"2023.1.0\", \"lessThan\": \"2024.0.0\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://www.progress.com/network-monitoring\", \"tags\": [\"product\"]}, {\"url\": \"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In WhatsUp Gold versions released before 2024.0.0,\\u00a0\\n\\nan Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In WhatsUp Gold versions released before 2024.0.0,\u0026nbsp;\\n\\n\u003cspan style=\\\"background-color: rgba(161, 189, 217, 0.08);\\\"\u003ean Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"shortName\": \"ProgressSoftware\", \"dateUpdated\": \"2024-10-24T20:11:50.614Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-7763\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-28T15:08:53.788Z\", \"dateReserved\": \"2024-08-13T18:22:43.153Z\", \"assignerOrgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"datePublished\": \"2024-10-24T20:11:50.614Z\", \"assignerShortName\": \"ProgressSoftware\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…