Page 134 of 12089 results (0.031 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to disclose information in the context of the service account. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to disclose information in the context of the service account. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1932 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to Admin. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, una vulnerabilidad SSRF autenticada en Wug.UI.Areas.Wug.Controllers.SessionControler.Update permite a un usuario con pocos privilegios encadenar esta SSRF con una vulnerabilidad de control de acceso inadecuado. Esto se puede utilizar para escalar privilegios a Administrador. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Progress Software WhatsUp Gold. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to disclose information in the context of the application. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-918: Server-Side Request Forgery (SSRF) •