CVE-2024-12108 CRITICAL

CVE-2024-12108: WhatsUp Gold - Public API signing key rotation issue

Vendor Progress Software Corporation
Product WhatsUp Gold
Weakness CWE-290
Published December 31, 2024
Last update January 4, 2025

CVSS base score

9.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.

Key dates

02Disclosure timeline

December 31, 2024 CVE published
January 4, 2025 Record updated