Lucene search
ProgressSoftwareCVE-2024-5017HistoryJun 25, 2024 - 9:16 p.m.
CVE-2024-5017
2024-06-2521:16:01
CWE-22
ProgressSoftware
web.nvd.nist.gov
29
whatsup gold
path traversal
appprofileimport
vulnerability
information disclosure
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.3%
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists.Β A specially crafted unauthenticated HTTP requestΒ to AppProfileImport can lead can lead to information disclosure.
Affected configurations
Node
progresswhatsup_goldRange<23.1.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| progress | whatsup_gold | * | cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"API Endpoint"
],
"platforms": [
"Windows"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
]Related
nvd
nvd
CVE-2024-5017
2024-06-25 21:16:01
vulnrichment
vulnrichment
CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability
2024-06-25 20:25:37
cvelist
cvelist
CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability
2024-06-25 20:25:37
talos
talos
nessus
nessus
Progress WhatsUp Gold < 23.1.3 Multiple Vulnerabilities (000258130)
2024-08-07 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.3%
Related for CVE-2024-5017