Lucene search

[email protected]NVD:CVE-2024-4562

HistoryMay 14, 2024 - 9:15 p.m.

CVE-2024-4562

2024-05-1421:15:13

CWE-918

[email protected]

web.nvd.nist.gov

ssrf

vulnerability

whatsup gold

http monitoring

authorization

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

16.4%

JSON

In WhatsUp Gold versions released before 2023.1.2 ,

an SSRF vulnerability exists in Whatsup Gold’s

Issue exists in the HTTP Monitoring functionality.

Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.

References

community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2

www.progress.com/network-monitoring

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

16.4%

JSON

Related for NVD:CVE-2024-4562

cvelist1 zdi1 cve1 nessus1