CVE-2024-12106: 
WhatsUp Gold vulnerability analysis and mitigation

In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. This vulnerability, identified as CVE-2024-12106, has been assigned a critical CVSS score of 9.4 by Progress Software Corporation. The vulnerability affects all WhatsUp Gold versions from 23.1.0 up to (excluding) 24.0.2 (NVD, SecurityOnline).

CVE-2024-12106 is classified under CWE-306 (Missing Authentication for Critical Function). The vulnerability allows unauthenticated attackers to configure the Lightweight Directory Access Protocol (LDAP) settings. The severity assessment includes a CVSS v3.1 base score of 9.4 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

The exploitation of this vulnerability could lead to unauthorized access to servers and potential data breaches. The high confidentiality and integrity impact ratings in the CVSS score indicate that successful exploitation could result in the disclosure and modification of sensitive information (SOCRadar).

Progress Software Corporation has released version 24.0.2 of WhatsUp Gold to address this vulnerability. Organizations are strongly advised to upgrade their WhatsUp Gold installations to this latest version to mitigate the security risk (SecurityOnline).