Vulnerabilities > Progress > Whatsup Gold > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-02 CVE-2024-46909 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
network
low complexity
progress
critical
9.8
2024-08-29 CVE-2024-6671 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
9.8
2024-08-29 CVE-2024-6670 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
9.8
2024-06-25 CVE-2024-4885 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
network
low complexity
progress
critical
9.8
2024-06-25 CVE-2024-4884 Command Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.
network
low complexity
progress CWE-77
critical
9.8
2024-06-25 CVE-2024-4883 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold.
network
low complexity
progress
critical
9.8
2022-10-12 CVE-2022-42711 Cross-site Scripting vulnerability in Progress Whatsup Gold
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input.
network
low complexity
progress CWE-79
critical
9.6
2018-05-01 CVE-2018-8938 Code Injection vulnerability in Progress Whatsup Gold
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0).
network
low complexity
progress CWE-94
critical
9.8
2018-05-01 CVE-2018-8939 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0).
network
low complexity
progress CWE-918
critical
9.8
2018-01-24 CVE-2018-5777 Unspecified vulnerability in Progress Whatsup Gold
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1).
network
low complexity
progress
critical
9.8