CVE-2024-46907

Name of the Vulnerable Software and Affected Versions WhatsUp Gold versions prior to 2024.0.1

Description A SQL Injection issue allows an authenticated low-privileged user, with at least Report Viewer permissions, to escalate privileges to the admin account. This issue can be exploited by a user with limited access, potentially leading to significant security breaches.

Recommendations For versions prior to 2024.0.1, update to version 2024.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the GetFilterCriteria function until a patch is available. Additionally, limiting privileges for low-privileged users and closely monitoring system activity can help minimize the risk of exploitation.