Vulnerabilities > Progress > Whatsup Gold

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-6367 Cross-site Scripting vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.
network
low complexity
progress CWE-79
5.4
2023-12-14 CVE-2023-6368 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism.
network
low complexity
progress
5.3
2023-12-14 CVE-2023-6595 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism.
network
low complexity
progress
5.3
2023-06-23 CVE-2023-35759 Cross-site Scripting vulnerability in Progress Whatsup Gold
In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input.
network
low complexity
progress CWE-79
6.1
2022-10-12 CVE-2022-42711 Cross-site Scripting vulnerability in Progress Whatsup Gold
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input.
network
low complexity
progress CWE-79
critical
9.6
2022-05-11 CVE-2022-29845 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
network
low complexity
progress CWE-829
6.5
2022-05-11 CVE-2022-29846 Unspecified vulnerability in Progress Whatsup Gold
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.
network
low complexity
progress
5.3
2022-05-11 CVE-2022-29847 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.
network
low complexity
progress CWE-918
7.5
2022-05-11 CVE-2022-29848 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.
network
low complexity
progress CWE-918
6.5
2018-05-01 CVE-2018-8939 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0).
network
low complexity
progress CWE-918
critical
9.8