CVE-2023-6368

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.

Published: Dec 14, 2023
Updated: May 4, 2025
CVE: CVE-2023-6368
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
progress / whatsup_gold	-	23.1.0

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
https://www.progress.com/network-monitoring

Vulnerability Database

290,278

CVE-2023-6368