Lucene search

[email protected]NVD:CVE-2024-5014

HistoryJun 25, 2024 - 9:16 p.m.

CVE-2024-5014

2024-06-2521:16:00

CWE-918

[email protected]

web.nvd.nist.gov

whatsup gold

ssrf

getaspreport

server side request forgery

cve-2024-5014

html form

vulnerability

authenticated user

asp reports

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.7%

JSON

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.

Affected configurations

Nvd

Node

progresswhatsup_goldRange<23.1.3

VendorProductVersionCPE
progresswhatsup_gold*cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
progress	whatsup_gold	*	cpe:2.3:a:progress:whatsup_gold::::::::

References

community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

www.progress.com/network-monitoring

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.7%

JSON

Related for NVD:CVE-2024-5014

vulnrichment1 cvelist1 cve1 nessus1