CVE-2024-4562
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
In WhatsUp Gold versions released before 2023.1.2 ,
an SSRF vulnerability exists in Whatsup Gold's
Issue exists in the HTTP Monitoring functionality.
Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Progress Software Corporation | WhatsUp Gold | 2023.1.0 < 2023.1.2 | affected |
Weaknesses
- CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.progress.com/network-monitoring
- https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2
References
- https://www.progress.com/network-monitoring
- https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.