CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46905 – WhatsUp Gold GetOrderByClause SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-46905
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html https://www.progress.com/network-monitoring • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46906 – WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-46906
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html https://www.progress.com/network-monitoring • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46907 – WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-46907
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html https://www.progress.com/network-monitoring • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46908 – WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-46908
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024 https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html https://www.progress.com/network-monitoring • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11969 – Incorrect default permissions in Cradlepoint NetCloud Exchange
https://notcve.org/view.php?id=CVE-2024-11969
A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. • https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-default-permissions-cradlepoint-netcloud-exchange • CWE-276: Incorrect Default Permissions •