Lucene search: Progress Whatsup Gold

16 matches found

added 2022/05/11 6:15 p.m. | 543 views

CVE-2022-29847

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.

CVSS 7.5 | AI score 7.6 | EPSS 0.8791

added 2004/10/20 4:00 a.m. | 56 views

CVE-2004-0798

Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.

CVSS 7.5 | AI score 7.5 | EPSS 0.72637

added 2024/06/25 9:16 p.m. | 51 views

CVE-2024-5018

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists in Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows reading of any file from the application's web-root directory.

CVSS 7.5 | AI score 6.2 | EPSS 0.00191

added 2012/08/15 10:55 p.m. | 50 views

CVE-2012-2601

SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.

CVSS 7.5 | AI score 8.6 | EPSS 0.16692

added 2024/06/25 8:15 p.m. | 45 views

CVE-2024-5010

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information.

CVSS 7.5 | AI score 7.4 | EPSS 0.03312

added 2024/06/25 8:15 p.m. | 43 views

CVE-2024-5011

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.

CVSS 7.5 | AI score 7.6 | EPSS 0.00707

added 2024/06/25 9:16 p.m. | 43 views

CVE-2024-5014

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.

CVSS 7.1 | AI score 6.7 | EPSS 0.00109

added 2024/06/25 9:16 p.m. | 43 views

CVE-2024-5016

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for...

CVSS 7.2 | AI score 7.4 | EPSS 0.00947

added 2024/06/25 9:16 p.m. | 39 views

CVE-2024-5013

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.

CVSS 7.5 | AI score 7.8 | EPSS 0.04432

added 2024/06/25 9:16 p.m. | 39 views

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges.

CVSS 7.5 | AI score 6.2 | EPSS 0.00191

added 2023/12/14 4:15 p.m. | 35 views

CVE-2023-6367

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within Roles. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to e...

CVSS 7.6 | AI score 5.6 | EPSS 0.00028

added 2007/05/11 10:19 a.m. | 34 views

CVE-2007-2602

Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line ...

CVSS 7.8 | AI score 7.8 | EPSS 0.02454

added 2023/12/14 4:15 p.m. | 32 views

CVE-2023-6366

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within Alert Center. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be ab...

CVSS 7.6 | AI score 5.6 | EPSS 0.00016

added 2023/12/14 4:15 p.m. | 31 views

CVE-2023-6365

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within a device group. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be ...

CVSS 7.6 | AI score 5.6 | EPSS 0.00016

added 2023/12/14 4:15 p.m. | 30 views

CVE-2023-6364

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within a dashboard component. If a WhatsUp Gold user interacts with the crafted payload, the attacker wo...

CVSS 7.6 | AI score 5.6 | EPSS 0.00014

added 2023/12/14 4:15 p.m. | 29 views

CVE-2023-6595

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.

CVSS 7.5 | AI score 6 | EPSS 0.00331