cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12105,https://securityvulnerability.io/vulnerability/CVE-2024-12105,Information Disclosure Vulnerability in Progress Software's WhatsUp Gold,"In specific versions of WhatsUp Gold managed by Progress Software, an issue exists where authenticated users can exploit specially crafted HTTP requests. This can potentially lead to unauthorized information disclosure, compromising sensitive data. It is crucial for users and administrators of WhatsUp Gold to be aware of these vulnerabilities and apply the necessary updates to maintain system integrity.",Progress Software,Whatsup Gold,6.5,MEDIUM,0.0005000000237487257,false,false,false,false,false,false,false,2024-12-31T10:32:08.238Z,0
CVE-2024-12106,https://securityvulnerability.io/vulnerability/CVE-2024-12106,LDAP Configuration Vulnerability in WhatsUp Gold,"An unauthorized configuration vulnerability exists in WhatsUp Gold versions prior to 2024.0.2, enabling unauthenticated attackers to modify LDAP settings. This flaw may lead to unauthorized access and manipulation of system configurations, significantly compromising network security and management integrity.",Progress Software,Whatsup Gold,7.5,HIGH,0.0004799999878741801,false,false,false,false,false,false,false,2024-12-31T10:32:02.035Z,267
CVE-2024-12108,https://securityvulnerability.io/vulnerability/CVE-2024-12108,Unauthorized Access via Public API in WhatsUp Gold,"In versions of WhatsUp Gold released before version 2024.0.2, a security flaw allows unauthorized access to the WhatsUp Gold server through its public API. This vulnerability poses a risk as attackers can exploit this access method to potentially execute unauthorized actions within the application. It is essential for users of WhatsUp Gold to address this issue by updating to the latest version and implementing best practices for API security.",Progress Software,Whatsup Gold,9.6,CRITICAL,0.0006900000153109431,false,false,false,false,false,false,false,2024-12-31T10:31:56.107Z,0
CVE-2024-8785,https://securityvulnerability.io/vulnerability/CVE-2024-8785,Remote Code Execution Vulnerability in WhatsUp Gold,"The vulnerability CVE-2024-8785 affects WhatsUp Gold versions released before 2024.0.1, allowing unauthenticated attackers to leverage NmAPI.exe to create or change registry values. This can lead to a remote code execution vulnerability, making it a critical issue. A PoC exploit for this vulnerability has been published, and it is important for users to upgrade to version 24.0.1 as soon as possible to mitigate the risk of exploitation. In the past, attackers have capitalized on publicly released PoC exploits for other WhatsUp Gold flaws, highlighting the urgency of addressing this vulnerability.",Progress Software,Whatsup Gold,5.3,MEDIUM,0.0005200000014156103,false,true,false,true,,false,false,2024-12-02T14:49:36.748Z,0
CVE-2024-46909,https://securityvulnerability.io/vulnerability/CVE-2024-46909,Remote code execution vulnerability in WhatsUp Gold,"A vulnerability exists in WhatsUp Gold prior to version 2024.0.1 that allows remote unauthenticated attackers to execute arbitrary code in the context of the service account. This could lead to unauthorized access and control over critical network monitoring functions, emphasizing the need for users to update to the latest version to mitigate potential exploitation risks.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.0006600000197067857,false,false,false,false,,false,false,2024-12-02T14:46:49.513Z,0
CVE-2024-46905,https://securityvulnerability.io/vulnerability/CVE-2024-46905,Privilege Escalation Vulnerability Affects WhatsUp Gold Users,"A SQL Injection vulnerability exists in WhatsUp Gold versions released before 2024.0.1. This flaw enables an authenticated user with lower privileges, specifically those holding Network Manager permissions, to exploit the vulnerability and escalate their privileges to that of an admin account. This could lead to unauthorized access and control over the WhatsUp Gold system, posing significant security risks. Immediate updates to the latest version are essential to mitigate potential threats associated with this vulnerability.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2024-12-02T14:45:13.504Z,0
CVE-2024-46906,https://securityvulnerability.io/vulnerability/CVE-2024-46906,Privilege Escalation Vulnerability in WhatsUp Gold Allows Low-Privileged Users to Access Admin Account,A SQL Injection vulnerability exists in WhatsUp Gold that enables a low-privileged authenticated user with at least Report Viewer permissions to perform actions typically reserved for an admin account. This defect can be exploited by attackers to escalate their privileges and gain unauthorized access to sensitive features and data within the application. It is essential for users of WhatsUp Gold to be aware of this vulnerability and to update to versions released after 2024.0.1 to mitigate potential security risks.,Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2024-12-02T14:44:08.220Z,0
CVE-2024-46907,https://securityvulnerability.io/vulnerability/CVE-2024-46907,Privilege Escalation Vulnerability in WhatsUp Gold Prior to 2024.0.1,"A SQL Injection vulnerability exists in WhatsUp Gold versions released before 2024.0.1. This security flaw allows an authenticated low-privileged user, specifically one with Report Viewer permissions, to perform unauthorized actions and escalate privileges to that of an admin account. This vulnerability poses a significant risk as it can enable malicious users to gain elevated access and control over critical network monitoring functions.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2024-12-02T14:42:08.418Z,0
CVE-2024-46908,https://securityvulnerability.io/vulnerability/CVE-2024-46908,WhatsUp Gold SQL Injection Vulnerability Could Lead to Privilege Escalation,"A SQL Injection vulnerability in WhatsUp Gold versions released before 2024.0.1 can be exploited by authenticated low-privileged users, specifically those with Report Viewer permissions, to escalate their privileges to that of an admin account. This vulnerability poses a significant security risk, as it allows unauthorized users to potentially control sensitive functionalities and data within the WhatsUp Gold platform.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,false,false,false,,false,false,2024-12-02T14:40:08.735Z,0
CVE-2024-7763,https://securityvulnerability.io/vulnerability/CVE-2024-7763,Authentication Bypass Vulnerability in WhatsUp Gold (Before 2024.0.0),"An Authentication Bypass vulnerability in WhatsUp Gold allows attackers to exploit the issue in versions released before 2024.0.0. This flaw enables unauthorized individuals to gain access to encrypted user credentials, potentially compromising sensitive information. Organizations using affected versions should seek to apply the latest security updates and ensure proper security protocols are in place.",Progress Software,Whatsup Gold,7.5,HIGH,0.0012400000123307109,false,false,false,false,,false,false,2024-10-24T21:15:00.000Z,0
CVE-2024-6670,https://securityvulnerability.io/vulnerability/CVE-2024-6670,Unauthenticated SQL Injection Vulnerability in Pre-2024.0.0 Versions of WhatsUp Gold Allows Access to Encrypted Passwords,"An unauthenticated SQL injection vulnerability in pre-2024.0.0 versions of WhatsUp Gold from Progress Software Corporation allows the retrieval of encrypted passwords without authentication. Hackers have been actively exploiting this vulnerability since August 30, using publicly available exploit code. They are able to execute remote code, deploy malicious payloads, and establish persistence on compromised systems. The use of multiple remote access tools suggests that ransomware actors may be involved in the attacks. Progress Software released security updates to address the issues, but many organizations have not yet updated their software, leaving them vulnerable to exploitation. This highlights the urgency of addressing the vulnerability to prevent unauthorized access and system compromise.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.9104899764060974,true,true,true,true,,false,false,2024-08-29T22:15:00.000Z,0
CVE-2024-6672,https://securityvulnerability.io/vulnerability/CVE-2024-6672,Low-Privileged Authentication Bypass Vulnerability in WhatsUp Gold,"A SQL Injection vulnerability exists in WhatsUp Gold versions prior to 2024.0.0, allowing attackers with low privileges to modify the password of a privileged user. This security flaw can lead to unauthorized access, enabling the attacker to escalate their privileges and gain control over sensitive functionalities within the application. Organizations utilizing this software must evaluate their security posture and apply necessary patches to mitigate potential risks associated with this vulnerability.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-08-29T22:15:00.000Z,0
CVE-2024-6671,https://securityvulnerability.io/vulnerability/CVE-2024-6671,Unauthenticated SQL Injection Vulnerability in WhatsUp Gold Users' Encrypted Passwords,"A SQL Injection vulnerability exists in WhatsUp Gold versions released before 2024.0.0 that can be exploited by attackers. If the application is configured to allow access for a single user, an unauthenticated attacker can retrieve the encrypted password of that user, potentially compromising account security. This vulnerability highlights the importance of secure application configuration and adherence to best security practices.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.0012400000123307109,false,true,false,false,,false,false,2024-08-29T22:15:00.000Z,0
CVE-2024-5019,https://securityvulnerability.io/vulnerability/CVE-2024-5019,Unauthenticated Arbitrary File Read Vulnerability in WhatsUp Gold,"An unauthenticated Arbitrary File Read vulnerability exists in WhatsUp Gold, specifically in the Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS component. This flaw affects versions released before 2023.1.3, permitting unauthorized access to read any file within the context of the iisapppool\NmConsole privileges. The potential exploitation of this vulnerability could lead to significant data exposure, making it critical for users to apply patches and updates to safeguard their systems.",Progress Software,Whatsup Gold,7.5,HIGH,0.0014199999859556556,false,false,false,false,,false,false,2024-06-25T20:29:00.522Z,0
CVE-2024-5018,https://securityvulnerability.io/vulnerability/CVE-2024-5018,Unauthenticated Path Traversal Vulnerability in WhatsUp Gold Web-Root Directory,"The vulnerability in WhatsUp Gold allows an attacker to exploit an unauthenticated Path Traversal flaw within the SessionController.LoadNMScript functionality. This security issue enables unauthorized users to read any file stored in the application's web-root directory, posing a significant risk to the integrity and confidentiality of sensitive information. Users of WhatsUp Gold should ensure they are running versions 2023.1.3 or later to mitigate this vulnerability and safeguard their network operations.",Progress Software,Whatsup Gold,7.5,HIGH,0.0014199999859556556,false,false,false,false,,false,false,2024-06-25T20:27:11.395Z,0
CVE-2024-5017,https://securityvulnerability.io/vulnerability/CVE-2024-5017,WhatsUp Gold Path Traversal Vulnerability Could Lead to Information Disclosure,"In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead to information disclosure.",Progress Software,Whatsup Gold,6.5,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2024-06-25T20:25:37.761Z,0
CVE-2024-5016,https://securityvulnerability.io/vulnerability/CVE-2024-5016,Remote Code Execution Vulnerability in WhatsUp Gold Distributed Edition,"The security vulnerability affects WhatsUp Gold, particularly in its Distributed Edition installations released before version 2023.1.3. The flaw is rooted in the message processing routines, specifically within NmDistributed.DistributedServiceBehavior.OnMessage for servers and NmDistributed.DistributedClient.OnMessage for clients. This vulnerability can be exploited via a deserialization tool, enabling an attacker to achieve Remote Code Execution with SYSTEM-level privileges, potentially compromising the integrity and confidentiality of the affected systems.",Progress Software,Whatsup Gold,7.2,HIGH,0.0006799999973736703,false,false,false,false,,false,false,2024-06-25T20:23:46.895Z,0
CVE-2024-5015,https://securityvulnerability.io/vulnerability/CVE-2024-5015,Low-Privileged User Can Escalate Privileges to Admin via SSRF and IAC Vulnerabilities in WhatsUp Gold Before 2023.1.3,"A security vulnerability has been identified in WhatsUp Gold, where an authenticated Server Side Request Forgery (SSRF) vulnerability exists in the Session Controller component, specifically within Wug.UI.Areas.Wug.Controllers.SessionControler.Update. This flaw allows low privileged users to exploit the vulnerability in conjunction with an improper access control weakness. The exploitation can lead to unauthorized privilege escalation, enabling a low level user to gain administrative access within the application. It is essential for users of WhatsUp Gold to upgrade to version 2023.1.3 or later to mitigate this risk.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-06-25T20:15:07.575Z,0
CVE-2024-5014,https://securityvulnerability.io/vulnerability/CVE-2024-5014,Server Side Request Forgery Vulnerability in WhatsUp Gold,"In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.",Progress Software,Whatsup Gold,6.5,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2024-06-25T20:13:21.304Z,0
CVE-2024-5013,https://securityvulnerability.io/vulnerability/CVE-2024-5013,Unauthenticated Denial of Service Vulnerability in WhatsUp Gold Prior to 2023.1.3,"An unauthenticated Denial of Service vulnerability exists in WhatsUp Gold versions prior to 2023.1.3, which permits an unauthorized attacker to trigger a fault during the SetAdminPassword installation step. This exploitation method can lead to the application becoming inaccessible, significantly affecting service availability and operational continuity.",Progress Software,Whatsup Gold,7.5,HIGH,0.0006699999794363976,false,false,false,false,,false,false,2024-06-25T20:11:58.100Z,0
CVE-2024-5012,https://securityvulnerability.io/vulnerability/CVE-2024-5012,Missing Authentication Vulnerability in WhatsUp Gold Could Lead to Windows Credentials Disclosure,"In WhatsUp Gold versions prior to 2023.1.3, an authentication vulnerability exists within the WUGDataAccess.Credentials component. This issue allows unauthenticated attackers to access and disclose sensitive Windows Credentials that are stored in the product's Credential Library. Organizations using affected versions of WhatsUp Gold should take immediate measures to mitigate the risk associated with this vulnerability.",Progress Software,Whatsup Gold,8.6,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-06-25T20:10:33.358Z,0
CVE-2024-5011,https://securityvulnerability.io/vulnerability/CVE-2024-5011,Uncontrolled Resource Consumption Vulnerability in WhatsUp Gold Prior to 2023.1.3 Could Lead to Denial of Service,"An uncontrolled resource consumption vulnerability has been identified in WhatsUp Gold versions released before 2023.1.3. This vulnerability allows attackers to exploit a specifically crafted unauthenticated HTTP request targeting the TestController Chart functionality. Successful exploitation of this flaw can result in a denial of service, affecting system availability and performance.",Progress Software,Whatsup Gold,7.5,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-06-25T20:01:47.996Z,0
CVE-2024-5010,https://securityvulnerability.io/vulnerability/CVE-2024-5010,WhatsUp Gold vulnerability puts sensitive information at risk,"A significant vulnerability has been identified in WhatsUp Gold, specifically in the TestController functionality of versions released before 2023.1.3. This vulnerability allows for a specially crafted HTTP request to be sent without authentication, which can lead to the disclosure of sensitive information. This poses a notable risk to users who rely on this network monitoring tool, as unauthorized parties may gain access to critical data. It is recommended that users upgrade to the latest version to mitigate any potential threats associated with this vulnerability.",Progress Software,Whatsup Gold,7.5,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2024-06-25T20:00:07.728Z,0
CVE-2024-5009,https://securityvulnerability.io/vulnerability/CVE-2024-5009,Local Attackers Can Modify Admin's Password in Pre-2023.1.3 Versions of WhatsUp Gold,"CVE-2024-5009 is a local privilege escalation vulnerability found in pre-2023.1.3 versions of WhatsUp Gold by Progress Software Corporation. The vulnerability allows local attackers to modify the admin's password, allowing them to escalate their privileges and take control of the system. The vulnerability can be exploited unauthenticated and has the potential to affect the entire network of users and machines managed by WhatsUp Gold. A proof of concept exploit for this vulnerability has been published, indicating the urgency of addressing this issue. The impact of the vulnerability is severe and requires immediate patching to prevent unauthorized access and control over affected systems.",Progress Software,Whatsup Gold,8.4,HIGH,0.000590000010561198,false,true,false,true,true,false,false,2024-06-25T19:58:48.237Z,0
CVE-2024-5008,https://securityvulnerability.io/vulnerability/CVE-2024-5008,Arbitrary File Upload Vulnerability in WhatsUp Gold Could Lead to Remote Code Execution,"A remote code execution vulnerability exists in WhatsUp Gold versions prior to 2023.1.3, where an authenticated user possessing specific permissions can exploit the flaw by uploading arbitrary files. This occurs through the Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController component. The implications of this vulnerability can lead to unauthorized command execution on the server, potentially compromising the integrity and confidentiality of the system.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-06-25T19:57:16.744Z,0