Lucene search
ProgressSoftwareCVELIST:CVE-2024-5008HistoryJun 25, 2024 - 7:57 p.m.
CVE-2024-5008 WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability
2024-06-2519:57:16
CWE-434
ProgressSoftware
www.cve.org
2
whatsup gold
apm
unrestricted file upload
file execution
vulnerability
authentication
permissions
file upload
rce
apm controller
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
In WhatsUp Gold versions released before 2023.1.3,
an authenticated user with certain permissions can upload an arbitrary file and obtain RCE usingΒ Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"API Endpoint"
],
"platforms": [
"Windows"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-5008
2024-06-25 20:15:13
cve
cve
CVE-2024-5008
2024-06-25 20:15:13
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
Related for CVELIST:CVE-2024-5008