WhatsUp Gold <2024.0.2 Public API Access Exploit
CVE-2024-12108 Published on December 31, 2024

WhatsUp Gold - Public API signing key rotation issue
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.

NVD

Vulnerability Analysis

CVE-2024-12108 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Products Associated with CVE-2024-12108

Want to know whenever a new CVE is published for Progress Whatsup Gold? stack.watch will email you.

Progress Whatsup Gold

Affected Versions

Progress Software Corporation WhatsUp Gold:

Version 2023.1.0 and below 2024.0.2 is affected.

Exploit Probability

EPSS

12.63%

Percentile

93.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.