Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Whatsup_gold
(Progress)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 44 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-10-24 | CVE-2024-7763 | In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | Whatsup_gold | 7.5 | ||
| 2023-12-14 | CVE-2023-6368 | In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold. | Whatsup_gold | 5.3 | ||
| 2023-12-14 | CVE-2023-6595 | In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold. | Whatsup_gold | 5.3 | ||
| 2024-08-29 | CVE-2024-6670 | In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | Whatsup_gold | 9.8 | ||
| 2024-06-25 | CVE-2024-4883 | In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe. | Whatsup_gold | 9.8 | ||
| 2024-06-25 | CVE-2024-4884 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges. | Whatsup_gold | 9.8 | ||
| 2024-06-25 | CVE-2024-4885 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. | Whatsup_gold | 9.8 | ||
| 2024-06-25 | CVE-2024-5008 | In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. | Whatsup_gold | 8.8 | ||
| 2024-06-25 | CVE-2024-5009 | In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. | Whatsup_gold | 8.4 | ||
| 2024-06-25 | CVE-2024-5010 | In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. | Whatsup_gold | 7.5 |