CVE-2024-4885

Summary

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The

WhatsUp.ExportUtilities.Export.GetFileWithoutZip

allows execution of commands with iisapppool\nmconsole privileges.

Affected Software

VendorProductVersion RangeStatus
Progress Software CorporationWhatsUp Gold2023.1.0 < 2023.1.3affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References