Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Whatsup_gold
(Progress)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 56 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-04-14 | CVE-2025-2572 | In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup. | Whatsup_gold | 5.3 | ||
| 2022-10-12 | CVE-2022-42711 | In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. | Whatsup_gold | 9.6 | ||
| 2024-06-25 | CVE-2024-4885 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. | Whatsup_gold | 9.8 | ||
| 2024-12-31 | CVE-2024-12105 | In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | Whatsup_gold | 6.5 | ||
| 2024-12-31 | CVE-2024-12106 | In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | Whatsup_gold | 7.5 | ||
| 2024-12-31 | CVE-2024-12108 | In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | Whatsup_gold | 9.6 | ||
| 2024-12-02 | CVE-2024-46907 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | Whatsup_gold | 8.8 | ||
| 2024-12-02 | CVE-2024-46908 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | Whatsup_gold | 8.8 | ||
| 2024-12-02 | CVE-2024-46909 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | Whatsup_gold | 9.8 | ||
| 2024-05-14 | CVE-2024-4561 | In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. | Whatsup_gold | 5.3 |