CVE-2024-4561

Summary

In WhatsUp Gold versions released before 2023.1.2 ,

a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.

Affected Software

VendorProductVersion RangeStatus
Progress Software CorporationWhatsUp Gold2023.1.0 < 2023.1.2affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References