Vulnerabilities > Progress > Whatsup Gold > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-02 | CVE-2024-46905 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-12-02 | CVE-2024-46906 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-12-02 | CVE-2024-46907 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-12-02 | CVE-2024-46908 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-10-24 | CVE-2024-7763 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | 7.5 |
| 2024-08-29 | CVE-2024-6672 | SQL Injection vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. | 8.8 |
| 2024-06-25 | CVE-2024-5012 | Improper Authentication vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. | 8.6 |
| 2024-06-25 | CVE-2024-5013 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. | 7.5 |
| 2024-06-25 | CVE-2024-5015 | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. | 8.8 |
| 2024-06-25 | CVE-2024-5016 | Deserialization of Untrusted Data vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients. | 7.2 |