Lucene search
HistoryJun 25, 2024 - 9:16 p.m.
CVE-2024-5017
whatsup gold
path traversal
appprofileimport
vulnerability
information disclosure
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
15.7%
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists.Β A specially crafted unauthenticated HTTP requestΒ to AppProfileImport can lead can lead to information disclosure.
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"API Endpoint"
],
"platforms": [
"Windows"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
]Related
cvelist
cvelist
CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability
2024-06-25 20:25:37
vulnrichment
vulnrichment
CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability
2024-06-25 20:25:37
talos
talos
nvd
nvd
CVE-2024-5017
2024-06-25 21:16:01
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
15.7%
Related for CVE-2024-5017