Progress WhatsUp Gold vulnerabilities: High risk

DATE CVE VULNERABILITY TITLE RISK
2024-06-25 CVE-2024-5018 Path Traversal vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists in Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript.
RISK: network / low complexity / progress CWE-22 / 7.5
2024-06-25 CVE-2024-5019 Path Traversal vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS.
RISK: network / low complexity / progress CWE-22 / 7.5
2024-06-25 CVE-2024-5008 Unrestricted Upload of File with Dangerous Type vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.
RISK: network / low complexity / progress CWE-434 / 8.8
2024-06-25 CVE-2024-5009 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify the admin's password.
RISK: local / low complexity / progress / 8.4
2024-06-25 CVE-2024-5010 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information.
RISK: network / low complexity / progress / 7.5
2024-06-25 CVE-2024-5011 Resource Exhaustion vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.
RISK: network / low complexity / progress CWE-400 / 7.5
2022-05-11 CVE-2022-29847 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.
RISK: network / low complexity / progress CWE-918 / 7.5
2016-10-06 CVE-2016-1000000 SQL Injection vulnerability in Progress Whatsup Gold
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
RISK: network / low complexity / progress CWE-89 / 8.8