CVE-2023-6595

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.

Published: Dec 14, 2023
Updated: May 4, 2025
CVE: CVE-2023-6595
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
progress / whatsup_gold	-	23.1.0

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
https://www.progress.com/network-monitoring

Vulnerability Database

290,278

CVE-2023-6595