CVE-2024-46908
published 2024-12-02CVE-2024-46908: In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer…
PriorityP356high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.26%
80.8th percentile
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required)
to achieve privilege escalation to the admin account.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | whatsup_gold | < 24.0.1 | 24.0.1 |
| progress_software_corporation | whatsup_gold | >= 2023.1.0 < 2024.0.1 | 2024.0.1 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_oracle7.3HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r39w-239v-ph4m: In WhatsUp Gold versions released before 2024
ghsa_unreviewed·2024-12-02
CVE-2024-46908 [HIGH] CWE-89 GHSA-r39w-239v-ph4m: In WhatsUp Gold versions released before 2024
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required)
to achieve privilege escalation to the admin account.
Oracle
Oracle Oracle MySQL Risk Matrix: MySQL Workbench (SQLite) — CVE-2022-46908
vendor_oracle·2024-01-15·CVSS 7.3
CVE-2022-46908 [HIGH] Oracle Oracle MySQL Risk Matrix: MySQL Workbench (SQLite) — CVE-2022-46908
Oracle Oracle MySQL Risk Matrix: MySQL Workbench (SQLite) vulnerability
CVE: CVE-2022-46908
CVSS: 7.3
Protocol: MySQL Workbench
Remote exploit: No
Affected versions: Local
Advisory: cpujan2024 (JAN 2024)
No detection rules found.
No public exploits indexed.
2024-12-02
Published