Lucene search
Abdessamad Lahlali of Trend Micro.ZDI-24-517HistoryMay 29, 2024 - 12:00 a.m.
Progress Software WhatsUp Gold FaviconController Server-Side Request Forgery Information Disclosure Vulnerability
2024-05-2900:00:00
Abdessamad Lahlali of Trend Micro.
www.zerodayinitiative.com
3
vulnerability
remote attackers
sensitive information
authentication
faviconcontroller
http redirects
application
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the FaviconController class. The issue results from following HTTP redirects. An attacker can leverage this vulnerability to disclose information in the context of the application.
Related
cvelist
cvelist
nvd
nvd
CVE-2024-4561
2024-05-14 21:15:13
cve
cve
CVE-2024-4561
2024-05-14 21:15:13
vulnrichment
vulnrichment
nessus
nessus
Progress WhatsUp Gold < 23.1.2 Multiple Vulnerabilities (000255428)
2024-05-31 00:00:00