CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5018 – WhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5018
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory . En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad de Path Traversal no autenticada Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. Esto permite la lectura de cualquier archivo desde el directorio raíz web de la ap... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-5017 – WhatsUp Gold AppProfileImport path traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-5017
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad de Path Traversal. Una solicitud HTTP no autenticada especialmente manipulada para AppProfileImport puede dar lugar a la divulgación de información. In WhatsUp Gold versions released before 2023.1.3, a path traversal vuln... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 2%CPEs: 1EXPL: 0CVE-2024-5016 – WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5016
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, las instalaciones de Distributed Edition se pueden explotar mediante el uso de una he... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5015 – WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5015
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to Admin. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, una vulnerabilidad SSRF autenticada en Wug.UI.Areas.Wug.Controllers.SessionControler.Update permite a un usuario con pocos privilegios encadenar esta SSRF con una ... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5014 – WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure
https://notcve.org/view.php?id=CVE-2024-5014
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad de Server Side Request Forgery en la función GetASPReport. Esto permite que cualquier usuario autenticado recupere informes ASP desde un formulario HTML. This vulnerability allows remote attackers to disclose sensiti... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 22%CPEs: 1EXPL: 0CVE-2024-5013 – WhatsUp Gold InstallController Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-5013
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se identificó una vulnerabilidad de denegación de servicio no autenticada. Un atacante no autenticado puede colocar la aplicación en el paso de instalación SetAdminPassword, lo que hace que ... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 0CVE-2024-5012 – WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5012
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, falta una vulnerabilidad de autenticación en WUGDataAccess.Credentials. Esta vulnerabilidad permite a atacantes no autenticados revelar las credenciales de Windows almacenadas en la librería de cr... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 21%CPEs: 1EXPL: 0CVE-2024-5011 – WhatsUp Gold TestController Chart denial of service vulnerability
https://notcve.org/view.php?id=CVE-2024-5011
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad de consumo descontrolado de recursos. Una solicitud HTTP no autenticada especialmente manipulada para la funcionalidad TestController Chart puede provocar una denegación de servicio. In WhatsUp... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 13%CPEs: 1EXPL: 0CVE-2024-5010 – WhatsUp Gold TestController multiple information disclosure vulnerabilities
https://notcve.org/view.php?id=CVE-2024-5010
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad en la funcionalidad TestController. Una solicitud HTTP no autenticada especialmente manipulada puede dar lugar a la divulgación de información confidencial. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 1%CPEs: 1EXPL: 3CVE-2024-5009 – WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-5009
25 Jun 2024 — In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, una vulnerabilidad de control de acceso inadecuado en Wug.UI.Controllers.InstallController.SetAdminPassword permite a atacantes locales modificar la contraseña del administrador. This vulnerability allows local attackers to escalate privileges on affe... • https://packetstorm.news/files/id/179403 • CWE-269: Improper Privilege Management •