Lucene search
ProgressSoftwareCVELIST:CVE-2024-4883HistoryJun 25, 2024 - 7:44 p.m.
CVE-2024-4883 WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability
2024-06-2519:44:42
CWE-78
CWE-77
CWE-94
ProgressSoftware
www.cve.org
8
whatsup gold
rce
vulnerability
directory traversal
remote code execution
progress whatsup gold
nmapi.exe
unauthenticated attacker
service account
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.004
Percentile
74.0%
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"API Endpoint"
],
"platforms": [
"Windows"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
cve
cve
CVE-2024-4883
2024-06-25 20:15:12
nvd
nvd
CVE-2024-4883
2024-06-25 20:15:12
githubexploit
githubexploit
Exploit for Command Injection in Progress Whatsup Gold
2024-07-08 12:14:01
thn
thn
Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now
2024-08-08 05:13:00
nessus
nessus
Progress WhatsUp Gold < 23.1.3 Multiple Vulnerabilities (000258130)
2024-08-07 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.004
Percentile
74.0%
Related for CVELIST:CVE-2024-4883