Lucene search
HistoryJun 25, 2024 - 9:16 p.m.
CVE-2024-5017
whatsup gold
path traversal vulnerability
information disclosure
unauthenticated http request
cve-2024-5017
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.3%
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists.Β A specially crafted unauthenticated HTTP requestΒ to AppProfileImport can lead can lead to information disclosure.
Affected configurations
Node
progresswhatsup_goldRange<23.1.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| progress | whatsup_gold | * | cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability
2024-06-25 20:25:37
vulnrichment
vulnrichment
CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability
2024-06-25 20:25:37
cve
cve
CVE-2024-5017
2024-06-25 21:16:01
talos
talos
nessus
nessus
Progress WhatsUp Gold < 23.1.3 Multiple Vulnerabilities (000258130)
2024-08-07 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.3%
Related for NVD:CVE-2024-5017