• 漏洞编号：CVE-2024-6670
• 漏洞等级：严重
• 漏洞标签：Progress、WhatsUp Gold、在野利用
• 发布时间：2024-09-16

漏洞描述

Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.

修复建议

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

参考链接

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-6670

https://www.cisa.gov/known-exploited-vulnerabilities-catalog