CVE-2023-6368 Information

Description

In WhatsUp Gold versions released before 2023.1 an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.

Reference

https://www.progress.com/network-monitoring https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023