CVE-2024-46908: 
WhatsUp Gold vulnerability analysis and mitigation

CVE-2024-46908 is a SQL Injection vulnerability discovered in WhatsUp Gold versions prior to 2024.0.1. The vulnerability was disclosed in September 2024 and affects authenticated users with low-level privileges (at least Report Viewer permissions). This security flaw enables privilege escalation from a low-privileged user to an admin account (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) (NVD).

The vulnerability allows authenticated attackers with low-level privileges to potentially gain complete administrative access to the WhatsUp Gold system. This could lead to unauthorized access to sensitive information, system configuration changes, and complete compromise of the monitoring infrastructure (NVD).

Progress Software has released version 2024.0.1 of WhatsUp Gold to address this vulnerability. Organizations are strongly recommended to upgrade to this version as soon as possible to mitigate the risk (CERT-EU).