CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5014 – WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure
https://notcve.org/view.php?id=CVE-2024-5014
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad de Server Side Request Forgery en la función GetASPReport. Esto permite que cualquier usuario autenticado recupere informes ASP desde un formulario HTML. This vulnerability allows remote attackers to disclose sensiti... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 22%CPEs: 1EXPL: 0CVE-2024-5013 – WhatsUp Gold InstallController Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-5013
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se identificó una vulnerabilidad de denegación de servicio no autenticada. Un atacante no autenticado puede colocar la aplicación en el paso de instalación SetAdminPassword, lo que hace que ... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 0CVE-2024-5012 – WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5012
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, falta una vulnerabilidad de autenticación en WUGDataAccess.Credentials. Esta vulnerabilidad permite a atacantes no autenticados revelar las credenciales de Windows almacenadas en la librería de cr... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 21%CPEs: 1EXPL: 0CVE-2024-5011 – WhatsUp Gold TestController Chart denial of service vulnerability
https://notcve.org/view.php?id=CVE-2024-5011
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad de consumo descontrolado de recursos. Una solicitud HTTP no autenticada especialmente manipulada para la funcionalidad TestController Chart puede provocar una denegación de servicio. In WhatsUp... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 13%CPEs: 1EXPL: 0CVE-2024-5010 – WhatsUp Gold TestController multiple information disclosure vulnerabilities
https://notcve.org/view.php?id=CVE-2024-5010
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad en la funcionalidad TestController. Una solicitud HTTP no autenticada especialmente manipulada puede dar lugar a la divulgación de información confidencial. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 1%CPEs: 1EXPL: 3CVE-2024-5009 – WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5009
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, una vulnerabilidad de control de acceso inadecuado en Wug.UI.Controllers.InstallController.SetAdminPassword permite a atacantes locales modificar la contraseña del administrador. This vulnerability allows local attackers to escalate privileges on affe... • https://packetstorm.news/files/id/179403 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 15%CPEs: 1EXPL: 0CVE-2024-5008 – WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5008
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, un usuario autenticado con ciertos permisos puede cargar un archivo arbitrario y obtener RCE usando Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. This vulnerability allows remote attackers to execute a... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 93%CPEs: 1EXPL: 2CVE-2024-4885 – Progress WhatsUp Gold Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-4885
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se detectó una vulnerabilidad de ejecución remota de código no autenticada en WhatsUpGold en curso. WhatsUp.ExportUtilities.Export.GetFileWithoutZip permite la ejecución de comandos con privilegios de... • https://packetstorm.news/files/id/179404 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 37%CPEs: 1EXPL: 0CVE-2024-4884 – WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4884
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se detectó una vulnerabilidad de ejecución remota de código no autenticada en WhatsUpGold en curso. Apm.UI.Areas.APM.Controllers.CommunityController permite la ejecución de comandos con privilegios de... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 80%CPEs: 1EXPL: 2CVE-2024-4883 – WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4883
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe un problema de ejecución remota de código en Progress WhatsUp Gold. Esta vulnerabilidad permite que un atacante no autenticado obtenga RCE como cuenta de servicio a través de NmApi.exe. This vulnerability allows remot... • https://packetstorm.news/files/id/179405 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •