Lucene search
K
ProgressWhatsup Gold

56 matches found

CVE
CVE
added 2022/05/11 5:55 p.m.574 views

CVE-2022-29846

Progress WhatsUp Gold (versions 16.1–21.1.1 and 22.0.0) is affected by a vulnerability that allows an unauthenticated attacker to obtain the product installation serial number. The publicly provided documents confirm affected versions and the disclosure impact, but do not specify the root cause d...

5.3CVSS5.9AI score0.05132EPSS
CVE
CVE
added 2022/05/11 5:55 p.m.572 views

CVE-2022-29845

Summary: CVE-2022-29845 affects Progress Ipswitch WhatsUp Gold versions 21.1.0–21.1.1 and 22.0.0. An authenticated user can trigger an API transaction to read the contents of a local file. The Red Hat and CVE CN/CZ records corroborate this issue with the same description. The Metasploit entry sho...

6.5CVSS6.3AI score0.03914EPSS
CVE
CVE
added 2022/05/11 5:56 p.m.564 views

CVE-2022-29847

CVE-2022-29847 affects Progress IPSWITCH WhatsUp Gold versions 21.0.0–21.1.1 and 22.0.0. An unauthenticated attacker can invoke an API transaction to relay encrypted WhatsUp Gold user credentials to an arbitrary host. Impact: credential exposure via API, enabling unauthorized access. Exploitation...

7.5CVSS7.6AI score0.55861EPSS
CVE
CVE
added 2022/05/11 5:56 p.m.561 views

CVE-2022-29848

CVE-2022-29848 affects Progress WhatsUp Gold 17.0.0–21.1.1 and 22.0.0. An authenticated user can invoke an API transaction that enables reading sensitive operating-system attributes from a host accessible by the WhatsUp Gold system. The Red Hat, CVE, and related references corroborate the issue a...

6.5CVSS6.8AI score0.03513EPSS
CVE
CVE
added 2024/08/29 10:4 p.m.232 views

CVE-2024-6670

Summary (CVE-2024-6670): Progress WhatsUp Gold prior to version 24.0.0 contains a SQL Injection vulnerability that can allow an unauthenticated attacker to retrieve a user’s encrypted password. Public references confirm exploitation guidance (e.g., Metasploit module) and acknowledgments by CISA K...

9.8CVSS9.8AI score0.94661EPSS
In wild
CVE
CVE
added 2024/06/25 7:48 p.m.209 views

CVE-2024-4885

Progress WhatsUp Gold GetFileWithoutZip Directory Traversal (CVE-2024-4885) allows unauthenticated remote code execution. The flaw stems from unvalidated user-supplied paths used in file operations within GetFileWithoutZip, enabling commands to run with iisapppool\nmconsole/service account privil...

9.8CVSS10AI score0.99288EPSS
In wild
CVE
CVE
added 2023/06/23 12:0 a.m.137 views

CVE-2023-35759

WhatsUp Gold before 23.0.0 contains a cross-site scripting (XSS) vulnerability in a SNMP-related application endpoint that fails to sanitize input, allowing an unauthenticated attacker to execute arbitrary code in a victim’s browser. The issue is reported as stored XSS in the sysName SNMP paramet...

6.1CVSS6.6AI score0.0213EPSS
CVE
CVE
added 2024/12/31 10:31 a.m.109 views

CVE-2024-12108

CVE-2024-12108 affects Progress WhatsUp Gold versions before 2024.0.2. The available connected sources indicate that an attacker can gain unauthorized access to the WhatsUp Gold server through the public API. The impact is described as high/critical in CVSS terms (network access, low attack compl...

9.6CVSS9.4AI score0.06798EPSS
CVE
CVE
added 2024/12/02 2:49 p.m.103 views

CVE-2024-8785

CVE-2024-8785 affects Progress WhatsUp Gold pre-2024.0.1. The vulnerability stems from NmAPI.exe enabling remote unauthenticated actors to create or modify a registry value at HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch, potentially enabling remote code execution. Connected documents confirm...

9.8CVSS9.5AI score0.09504EPSS
CVE
CVE
added 2024/06/25 7:46 p.m.95 views

CVE-2024-4884

The CVE-2024-4884 family affects Progress WhatsUp Gold versions released before 2023.1.3, with unauthenticated remote code execution via the CommunityController (Apm.UI.Areas.APM.Controllers.CommunityController) and related paths (GetFileWithoutZip) that allow command execution with iisapppool\nm...

9.8CVSS10AI score0.24306EPSS
CVE
CVE
added 2024/08/29 10:6 p.m.86 views

CVE-2024-6671

WhatsUp Gold (Progress) is affected in versions released before 2024.0.0 where, in single-user configurations, an unauthenticated attacker can perform SQL injection to retrieve encrypted user passwords (authentication bypass risk). The connected Nuclei template confirms the vulnerability as a SQL...

9.8CVSS9.8AI score0.14886EPSS
In wild
CVE
CVE
added 2024/12/31 10:32 a.m.80 views

CVE-2024-12105

Talos TALOS-2024-2089 describes a path traversal vulnerability in Progress WhatsUp Gold 24.0.1 Build 2177 (Total Plus Edition) via the SnmpExtendedActiveMonitor functionality. An authenticated user can craft a request to SNMP Extended Monitor actions (xmlFileName parameter) which is used unsafely...

6.5CVSS6.2AI score0.42369EPSS
CVE
CVE
added 2025/04/14 4:6 p.m.80 views

CVE-2025-2572

CVE-2025-2572 affects Progress WhatsUp Gold before 2024.0.3. A database manipulation vulnerability allows an unauthenticated attacker to modify WhatsUp.dbo.WrlsMacAddressGroup. Impact is integrity loss of that table; no explicit exploit details provided in the documents. Remediation: upgrade to v...

5.6CVSS5.5AI score0.00228EPSS
CVE
CVE
added 2004/08/27 4:0 a.m.76 views

CVE-2004-0798

CVE-2004-0798 affects Ipswitch WhatsUp Gold web server (versions 8.03 and earlier). A buffer overflow in the internal _maincfgret.cgi when processing a long instancename parameter allows remote attackers to execute arbitrary code, as documented by multiple sources. Public exploit references exist...

7.5CVSS7.5AI score0.62577EPSS
CVE
CVE
added 2024/06/25 7:44 p.m.74 views

CVE-2024-4883

Progress WhatsUp Gold is affected pre-2023.1.3 by an unauthenticated remote code execution via NmApi.exe (CVE-2024-4883). The root cause involves improper handling/validation in the NmApi surface enabling code execution as the service account. Impact is high (RCE, remote compromise). A PoC/exploi...

9.8CVSS9.7AI score0.64779EPSS
CVE
CVE
added 2016/01/08 2:0 a.m.73 views

CVE-2015-8261

Ipswitch WhatsUp Gold before 16.4 is vulnerable to SQL injection via the DroneDeleteOldMeasurements SOAP handler, caused by improper validation of serialized XML objects. A remote attacker can craft a SOAP request to inject/manipulate SQL in the back-end database, potentially exposing or altering...

9.8CVSS9.5AI score0.0355EPSS
CVE
CVE
added 2024/06/25 7:58 p.m.70 views

CVE-2024-5009

CVE-2024-5009 : Progress WhatsUp Gold pre-2023.1.3 contains an improper access control in Wug.UI.Controllers.InstallController.SetAdminPassword that allows local attackers to modify the admin password (privilege escalation). Affected product: Progress WhatsUp Gold; vulnerability appears in the Se...

8.4CVSS8.1AI score0.1503EPSS
CVE
CVE
added 2024/06/25 8:27 p.m.70 views

CVE-2024-5018

Progress WhatsUp Gold contains a Path Traversal vulnerability (CVE-2024-5018) in the LoadNMScript path, affecting versions released before 2023.1.3. The issue resides in Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript and allows reading files from the application's web-root without au...

7.5CVSS6.2AI score0.00771EPSS
CVE
CVE
added 2016/10/06 2:0 p.m.67 views

CVE-2016-1000000

CVE-2016-1000000 concerns a SQL injection in Ipswitch WhatsUp Gold, specifically in the web page WrFreeFormText.asp via the sUniqueID parameter (and related fields). The vulnerability is described as a Blind SQL Injection in version 16.4.1, with potential for an authenticated, remote attacker to ...

8.8CVSS9.1AI score0.01332EPSS
CVE
CVE
added 2024/08/29 10:7 p.m.66 views

CVE-2024-6672

Summary: CVE-2024-6672 affects Progress WhatsUp Gold versions prior to 2024.0.0. A SQL injection in the getMonitorJoin path allows an authenticated, low-privileged attacker to escalate privileges by modifying a privileged user’s password. The vulnerability relies on unsafely constructed SQL using...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2024/12/02 2:45 p.m.65 views

CVE-2024-46905

CVE-2024-46905 affects Progress WhatsUp Gold prior to 2024.0.1. A SQL Injection vulnerability in the GetOrderByClause function allows an authenticated, lower-privileged user (at least Network Manager permissions) to escalate to the admin account. The issue is mitigated by upgrading to 2024.0.1 or...

8.8CVSS9.1AI score0.02256EPSS
CVE
CVE
added 2024/12/02 2:46 p.m.65 views

CVE-2024-46909

Progress WhatsUp Gold prior to 2024.0.1 is affected by a directory traversal that can lead to remote code execution. The root cause is exposed WriteDataFile handling, allowing an unauthenticated remote attacker to execute code in the service account context. Remediation: update to version 2024.0....

9.8CVSS9.6AI score0.49171EPSS
CVE
CVE
added 2024/10/24 8:11 p.m.65 views

CVE-2024-7763

Summary: CVE-2024-7763 affects Progress Software WhatsUp Gold prior to 2024.0.0. The vulnerability is an authentication bypass in the getReport feature, enabling an attacker to obtain encrypted user credentials. Affected software: Progress WhatsUp Gold (versions before 2024.0.0). Root cause / vul...

9.8CVSS8.6AI score0.00621EPSS
CVE
CVE
added 2012/08/15 10:0 p.m.62 views

CVE-2012-2601

Ipswitch WhatsUp Gold 15.02 is affected by CVE-2012-2601 due to a blind SQL injection in WrVMwareHostList.asp via the sGroupList parameter, allowing remote SQL command execution. The issue is documented in multiple sources (NVD, CERT, Nessus) with PoC-like references and a CVSS base score of 7.5....

7.5CVSS8.6AI score0.02913EPSS
CVE
CVE
added 2015/12/27 2:0 a.m.62 views

CVE-2015-6004

Ipswitch WhatsUp Gold prior to 16.4 is affected by CVE-2015-6004 (SQL injection) via the sUniqueID/Find Device inputs in the Reports component, enabling an authenticated remote attacker to manipulate or disclose data in the backend database. The issue is complemented by CVE-2015-6005 (stored XSS)...

6.5CVSS7.7AI score0.02266EPSS
CVE
CVE
added 2022/10/12 12:0 a.m.61 views

CVE-2022-42711

CVE-2022-42711 affects Progress WhatsUp Gold prior to 22.1.0. The SNMP MIB Walker endpoint fails to sanitize input, enabling an unauthenticated attacker to execute arbitrary code in a victim’s browser. Documented by multiple sources (Red Hat, NVD/CVE records, CNNVD, PT-Security) with a high-sever...

9.6CVSS9.4AI score0.00988EPSS
CVE
CVE
added 2024/12/31 10:32 a.m.61 views

CVE-2024-12106

CVE-2024-12106 affects Progress WhatsUp Gold versions before 2024.0.2. The vulnerability is an authentication-bypass-like issue where an unauthenticated attacker can configure LDAP settings through the product, exposing risk to access control and data integrity. Multiple connected sources corrobo...

9.4CVSS9.4AI score0.09442EPSS
CVE
CVE
added 2024/06/25 8:23 p.m.60 views

CVE-2024-5016

Progress WhatsUp Gold before 2023.1.3 is affected by an OnMessage deserialization vulnerability that allows remote code execution as SYSTEM. The issue occurs in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage (server) and NmDistributed.DistributedClient.OnM...

7.2CVSS7.4AI score0.22367EPSS
CVE
CVE
added 2018/05/01 4:0 p.m.59 views

CVE-2018-8939

CVE-2018-8939 describes a Server-Side Request Forgery (SSRF) in NmAPI.exe of Ipswitch WhatsUp Gold, affecting versions prior to 18.0. An attacker can submit specially crafted requests via NmAPI.exe to gain unauthorized access, obtain information about the WhatsUp Gold system, or execute remote co...

9.8CVSS9.4AI score0.01443EPSS
CVE
CVE
added 2024/12/02 2:40 p.m.58 views

CVE-2024-46908

WhatsUp Gold (Progress) has a SQL Injection vulnerability (CVE-2024-46908) exploitable by an authenticated, low-privileged user with at least Report Viewer permissions, enabling privilege escalation to admin. Affected are versions released before 2024.0.1, where the GetFilterCriteria function is ...

8.8CVSS9.1AI score0.02256EPSS
CVE
CVE
added 2024/06/25 7:57 p.m.58 views

CVE-2024-5008

Progress WhatsUp Gold is affected in versions released before 2023.1.3 where an authenticated user with certain permissions can upload an arbitrary file via Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController to achieve remote code execution. The issue is documented across mu...

8.8CVSS8.8AI score0.1733EPSS
CVE
CVE
added 2024/06/25 8:15 p.m.58 views

CVE-2024-5015

CVE-2024-5015 – Progress WhatsUp Gold : Affected product is Progress WhatsUp Gold, versions released before 2023.1.3. An authenticated SSRF in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low-privileged user to chain this SSRF with an Improper Access Control vulnerability to esca...

8.8CVSS7.3AI score0.00525EPSS
CVE
CVE
added 2024/06/25 8:25 p.m.58 views

CVE-2024-5017

Summary of CVE-2024-5017 : In Progress WhatsUp Gold, the AppProfileImport endpoint (authenticated path) is vulnerable to a path traversal flaw. A crafted HTTP request with a manipulated fileName parameter enables an attacker to probe for file existence and potentially disclose information from th...

6.5CVSS6.5AI score0.01636EPSS
CVE
CVE
added 2004/09/17 4:0 a.m.57 views

CVE-2004-0799

Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 are affected by a vulnerability in the HTTP daemon where processing a GET request containing an MS-DOS device name (notably prn.htm) triggers an unhandled exception, causing the web server component to crash and resulting in a denial of service. The is...

5CVSS6.6AI score0.06202EPSS
CVE
CVE
added 2024/12/02 2:42 p.m.57 views

CVE-2024-46907

WhatsUp Gold (Progress) versions prior to 2024.0.1 are affected by a SQL Injection in the GetFilterCriteria path that can be exploited by an authenticated low-privileged user (at least Report Viewer) to escalate to admin. Affected component: GetFilterCriteria SQL path; root cause: SQL Injection d...

8.8CVSS9.1AI score0.02256EPSS
CVE
CVE
added 2024/06/25 8:10 p.m.57 views

CVE-2024-5012

Progress WhatsUp Gold

8.6CVSS8.6AI score0.00445EPSS
CVE
CVE
added 2015/12/27 2:0 a.m.56 views

CVE-2015-6005

Ipswitch WhatsUp Gold (pre-16.4) is affected by multiple XSS vulnerabilities (CVE-2015-6005) due to improper validation in various fields (e.g., SNMP OID objects, SNMP traps, View/Group/Policy/Template Libraries, System Script Library, CLI Settings, etc.). An authenticated remote attacker could i...

6.9CVSS6.4AI score0.01866EPSS
CVE
CVE
added 2023/12/14 4:5 p.m.56 views

CVE-2023-6367

Progress WhatsUp Gold versions released before 2023.1 are affected by a stored cross-site scripting (XSS) vulnerability in Roles. An attacker can store a crafted XSS payload in Roles, and when a user interacts with it, malicious JavaScript could run in the victim’s browser. Root cause: input stor...

7.6CVSS5.6AI score0.00513EPSS
CVE
CVE
added 2024/12/02 2:44 p.m.56 views

CVE-2024-46906

Progress WhatsUp Gold before 24.0.1 is affected by a GetSqlWhereClause SQL Injection that can escalate an authenticated, low-privilege user (Report Viewer) to admin. Affected product: Progress WhatsUp Gold. Root cause: improper validation of a user-supplied string used to build SQL queries. Impac...

8.8CVSS9.1AI score0.40584EPSS
CVE
CVE
added 2024/06/25 8:0 p.m.54 views

CVE-2024-5010

Progress Software’s WhatsUp Gold TestController contains an information-disclosure vulnerability (CVE-2024-5010) affecting versions such as 23.1.0 Build 1697 prior to 23.1.3. An unauthenticated HTTP request can disclose sensitive data (e.g., Devices and NetworkInterfaces), enabling disclosure of ...

7.5CVSS7.4AI score0.69952EPSS
CVE
CVE
added 2024/06/25 8:13 p.m.54 views

CVE-2024-5014

CVE-2024-5014 affects Progress WhatsUp Gold prior to 2023.1.3, where the GetASPReport feature permits an authenticated user to retrieve ASP reports, revealing sensitive information. The root cause is an information-disclosure vulnerability in GetASPReport, enabling SSRF-style access to reports. T...

7.1CVSS6.7AI score0.00477EPSS
CVE
CVE
added 2023/12/14 4:6 p.m.53 views

CVE-2023-6368

CVE-2023-6368 affects Progress WhatsUp Gold versions prior to 2023.1, where an API endpoint is missing authentication. This allows an unauthenticated attacker to enumerate information about a registered device being monitored. Connected sources also show an associated advisory that generally reco...

5.9CVSS5.7AI score0.00554EPSS
CVE
CVE
added 2024/06/25 8:1 p.m.53 views

CVE-2024-5011

CVE-2024-5011 affects Progress WhatsUp Gold. Talos confirms an unauthenticated HTTP request to the TestController Chart endpoint can trigger denial of service, via the CreateChart path when pieces is large. Vulnerable version: WhatsUp Gold 23.1.0 Build 1697 (and likely prior to 2023.1.3 per CVE d...

7.5CVSS7.6AI score0.47092EPSS
CVE
CVE
added 2024/06/25 8:11 p.m.53 views

CVE-2024-5013

Affected product: Progress WhatsUp Gold (pre-2023.1.3 builds). Vulnerability: Unauthenticated Denial of Service via the InstallController flow, where an attacker can force the application into the SetAdminPassword installation step, rendering the app unavailable. Impact: Availability impact (serv...

7.5CVSS7.8AI score0.00847EPSS
CVE
CVE
added 2018/01/24 3:0 p.m.51 views

CVE-2018-5778

Ipswitch WhatsUp Gold (before 2017 Plus SP1 17.1.1) contains SQL injection vulnerabilities in legacy .ASP pages. The root cause is insufficient input validation in those pages, enabling remote attackers to execute arbitrary SQL commands via unspecified vectors. Documented impacts include potentia...

9.8CVSS10AI score0.01127EPSS
CVE
CVE
added 2023/12/14 4:5 p.m.51 views

CVE-2023-6366

Progress WhatsUp Gold pre-2023.1 has a stored XSS in Alert Center (CVE-2023-6366). An attacker can store a payload, and when a user interacts with it, malicious JavaScript runs in the victim’s browser context. Affected product: WhatsUp Gold; vulnerability originates from storing payloads in Alert...

7.6CVSS5.6AI score0.00513EPSS
CVE
CVE
added 2024/06/25 8:29 p.m.51 views

CVE-2024-5019

CVE-2024-5019 relates to Progress/WhatsUp Gold prior to version 2023.1.3. The vulnerability is an unauthenticated Arbitrary File Read in the Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS, allowing reading of files with the iisapppool\NmConsole privileges. The affected software is Whats...

7.5CVSS6.2AI score0.00771EPSS
CVE
CVE
added 2023/12/14 4:4 p.m.48 views

CVE-2023-6364

Concrete details available: Progress WhatsUp Gold before version 2023.1 contains a stored XSS vulnerability in dashboard components. An attacker can craft a payload stored in a dashboard element; when a user interacts with it, the attacker could execute malicious JavaScript in the victim’s browse...

7.6CVSS5.6AI score0.00513EPSS
CVE
CVE
added 2012/08/15 10:0 p.m.47 views

CVE-2012-4344

CVE-2012-4344 affects Ipswitch WhatsUp Gold 15.02, with a cross-site scripting (XSS) vulnerability in the web interface that allows remote attackers to inject arbitrary script via unspecified vectors involving the SNMP system name. The available documents identify the affected product/version and...

4.3CVSS5.7AI score0.03811EPSS
CVE
CVE
added 2007/05/11 10:0 a.m.46 views

CVE-2007-2602

CVE-2007-2602 describes a buffer overflow in Ipswitch WhatsUp Gold 11, specifically in the MIBEXTRA.EXE component, triggered by a long MIB filename argument. The underlying issue may allow a denial of service (application crash) and can potentially enable arbitrary code execution. Affected softwa...

7.8CVSS7.8AI score0.0346EPSS
Total number of security vulnerabilities56