Vulnerabilities > Progress
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-25 | CVE-2024-5016 | Deserialization of Untrusted Data vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients. | 7.2 |
2024-06-25 | CVE-2024-5017 | Path Traversal vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure. | 6.5 |
2024-06-25 | CVE-2024-5018 | Path Traversal vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. | 7.5 |
2024-06-25 | CVE-2024-5019 | Path Traversal vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. | 7.5 |
2024-06-25 | CVE-2024-4883 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. | 9.8 |
2024-06-25 | CVE-2024-4884 | Command Injection vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges. | 9.8 |
2024-06-25 | CVE-2024-4885 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. | 9.8 |
2024-06-25 | CVE-2024-5008 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. | 8.8 |
2024-06-25 | CVE-2024-5009 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. | 8.4 |
2024-06-25 | CVE-2024-5010 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. | 7.5 |