4 matches found
CVE-2024-5015
In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to Admin...
CVE-2024-5011
In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service...
PT-2024-33960 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.3 Description: An unauthenticated Denial of Service issue was identified, allowing an unauthenticated attacker to put the application into the SetAdminPassword installation step. This renders the...
PT-2024-33982 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.3 Description: The issue involves an authenticated Server-Side Request Forgery SSRF vulnerability in the Wug.UI.Areas.Wug.Controllers.SessionControler.Update function. This vulnerability can be chained wi...