Vulnerabilities > Progress > Whatsup Gold

DATE CVE VULNERABILITY TITLE RISK
2024-06-25 CVE-2024-5012 Improper Authentication vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials.
network
low complexity
progress CWE-287
8.6
2024-06-25 CVE-2024-5013 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.
network
low complexity
progress
7.5
2024-06-25 CVE-2024-5014 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature.
network
low complexity
progress CWE-918
6.5
2024-06-25 CVE-2024-5015 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability.
network
low complexity
progress CWE-918
8.8
2024-06-25 CVE-2024-5016 Deserialization of Untrusted Data vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM.  The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients.
network
low complexity
progress CWE-502
7.2
2024-06-25 CVE-2024-5017 Path Traversal vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure.
network
low complexity
progress CWE-22
6.5
2024-06-25 CVE-2024-5018 Path Traversal vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript.
network
low complexity
progress CWE-22
7.5
2024-06-25 CVE-2024-5019 Path Traversal vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3,  an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS.
network
low complexity
progress CWE-22
7.5
2024-06-25 CVE-2024-4883 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold.
network
low complexity
progress
critical
9.8
2024-06-25 CVE-2024-4884 Command Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.
network
low complexity
progress CWE-77
critical
9.8