Lucene search
ProgressSoftwareCVELIST:CVE-2024-5017HistoryJun 25, 2024 - 8:25 p.m.
CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability
2024-06-2520:25:37
CWE-22
ProgressSoftware
www.cve.org
3
whatsup gold
appprofileimport
path traversal
vulnerability
information disclosure
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
15.7%
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists.Β A specially crafted unauthenticated HTTP requestΒ to AppProfileImport can lead can lead to information disclosure.
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"API Endpoint"
],
"platforms": [
"Windows"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2023.1.3",
"status": "affected",
"version": "2023.1.0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability
2024-06-25 20:25:37
talos
talos
nvd
nvd
CVE-2024-5017
2024-06-25 21:16:01
cve
cve
CVE-2024-5017
2024-06-25 21:16:01
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
15.7%
Related for CVELIST:CVE-2024-5017