CVE-2024-5012

HIGH Year: 2024
CVSS v3 Score
8.6
High
Weakness Type
CWE-287
View all →

Vulnerability Description

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library.

Related Vulnerabilities

CVE-2017-6062

HIGH
CVSS:8.6(High)

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDC...

CWE-2872017

CVE-2017-6413

HIGH
CVSS:8.6(High)

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "Auth...

CWE-2872017

CVE-2018-2449

HIGH
CVSS:8.6(High)

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality t...

CWE-2872018

CVE-2019-3654

HIGH
CVSS:8.6(High)

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for...

CWE-2872019

CVE-2019-6521

HIGH
CVSS:8.6(High)

WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.

CWE-2872019

CVE-2020-3944

HIGH
CVSS:8.6(High)

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker w...

CWE-2872020