Progress

Whatsup Gold

56 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-7763

  • EPSS 1.05%
  • Published 24.10.2024 21:15:15
  • Last modified 30.10.2024 14:13:45

In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.

9.8

CVE-2024-6670

Warning
  • EPSS 94.47%
  • Published 29.08.2024 22:15:05
  • Last modified 17.09.2024 01:00:01

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

9.8

CVE-2024-6671

  • EPSS 3.6%
  • Published 29.08.2024 22:15:05
  • Last modified 04.09.2024 15:53:07

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

8.8

CVE-2024-6672

  • EPSS 0.96%
  • Published 29.08.2024 22:15:05
  • Last modified 04.09.2024 14:23:58

In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.

7.5

CVE-2024-5019

  • EPSS 0.16%
  • Published 25.06.2024 21:16:01
  • Last modified 21.11.2024 09:46:47

In WhatsUp Gold versions released before 2023.1.3,  an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges.

7.5

CVE-2024-5018

  • EPSS 0.16%
  • Published 25.06.2024 21:16:01
  • Last modified 21.11.2024 09:46:47

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory .

6.5

CVE-2024-5017

Exploit
  • EPSS 0.76%
  • Published 25.06.2024 21:16:01
  • Last modified 21.11.2024 09:46:47

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure.

7.2

CVE-2024-5016

  • EPSS 5.13%
  • Published 25.06.2024 21:16:01
  • Last modified 21.11.2024 09:46:47

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM.  The vulnerability exists in the main message processing routines NmDi...

8.8

CVE-2024-5015

  • EPSS 0.07%
  • Published 25.06.2024 21:16:00
  • Last modified 21.11.2024 09:46:47

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be ...

6.5

CVE-2024-5014

  • EPSS 0.07%
  • Published 25.06.2024 21:16:00
  • Last modified 21.11.2024 09:46:47

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.