Vulnerabilities > Progress > Whatsup Gold
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-02 | CVE-2024-46905 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-12-02 | CVE-2024-46906 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-12-02 | CVE-2024-46907 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-12-02 | CVE-2024-46908 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-12-02 | CVE-2024-46909 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | 9.8 |
| 2024-12-02 | CVE-2024-8785 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | 5.3 |
| 2024-10-24 | CVE-2024-7763 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | 7.5 |
| 2024-08-29 | CVE-2024-6670 | SQL Injection vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | 9.8 |
| 2024-08-29 | CVE-2024-6671 | SQL Injection vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | 9.8 |
| 2024-08-29 | CVE-2024-6672 | SQL Injection vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. | 8.8 |