Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Whatsup_gold
(Progress)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 55 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-12-31 | CVE-2024-12105 | In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | Whatsup_gold | 6.5 | ||
| 2024-12-31 | CVE-2024-12106 | In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | Whatsup_gold | 7.5 | ||
| 2024-12-31 | CVE-2024-12108 | In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | Whatsup_gold | 9.6 | ||
| 2024-12-02 | CVE-2024-46907 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | Whatsup_gold | 8.8 | ||
| 2024-12-02 | CVE-2024-46908 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | Whatsup_gold | 8.8 | ||
| 2024-12-02 | CVE-2024-46909 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | Whatsup_gold | 9.8 | ||
| 2024-05-14 | CVE-2024-4561 | In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. | Whatsup_gold | 5.3 | ||
| 2024-05-14 | CVE-2024-4562 | In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery. | Whatsup_gold | 5.4 | ||
| 2024-12-02 | CVE-2024-8785 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | Whatsup_gold | 5.3 | ||
| 2024-12-02 | CVE-2024-46906 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | Whatsup_gold | 8.8 |