Progress Software WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of LoadCSSUsingBasePath method. The issue...

CVE-2024-5019

CVE-2024-5019 relates to Progress/WhatsUp Gold prior to version 2023.1.3. The vulnerability is an unauthenticated Arbitrary File Read in the Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS, allowing reading of files with the iisapppool\NmConsole privileges. The affected software is Whats...