CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5014 – WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure
https://notcve.org/view.php?id=CVE-2024-5014
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad de Server Side Request Forgery en la función GetASPReport. Esto permite que cualquier usuario autenticado recupere informes ASP desde un formulario HTML. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5012 – WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5012
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, falta una vulnerabilidad de autenticación en WUGDataAccess.Credentials. Esta vulnerabilidad permite a atacantes no autenticados revelar las credenciales de Windows almacenadas en la librería de credenciales del producto. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5010 – WhatsUp Gold TestController multiple information disclosure vulnerabilities
https://notcve.org/view.php?id=CVE-2024-5010
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad en la funcionalidad TestController. Una solicitud HTTP no autenticada especialmente manipulada puede dar lugar a la divulgación de información confidencial. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1933 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-23962 – Alpine Halo9 Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23962
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-23937 – Silicon Labs Gecko OS Debug Interface Format String Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23937
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. •