CVE-2024-4561
WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via FaviconController
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In WhatsUp Gold versions released before 2023.1.2 ,
a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.
En las versiones de WhatsUp Gold lanzadas antes de 2023.1.2, existe una vulnerabilidad SSRF ciega en FaviconController de Whatsup Gold que permite a un atacante enviar solicitudes HTTP arbitrarias en nombre del servidor vulnerable.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability.
The specific flaw exists within the FaviconController class. The issue results from following HTTP redirects. An attacker can leverage this vulnerability to disclose information in the context of the application.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-06 CVE Reserved
- 2024-05-14 CVE Published
- 2024-06-01 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
- CAPEC-54: Query System for Information
- CAPEC-113: Interface Manipulation
References (2)
URL | Tag | Source |
---|---|---|
https://www.progress.com/network-monitoring | Product |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2 | 2024-05-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Progress Software Corporation Search vendor "Progress Software Corporation" | WhatsUp Gold Search vendor "Progress Software Corporation" for product "WhatsUp Gold" | >= 2023.1.0 < 2023.1.2 Search vendor "Progress Software Corporation" for product "WhatsUp Gold" and version " >= 2023.1.0 < 2023.1.2" | en |
Affected
|