Server Side Request Forgery Vulnerability in WhatsUp Gold
CVE-2024-5014

6.5MEDIUM

Key Information:

Vendor: Progress Software
Status: Whatsup Gold
Vendor: CVE Published:; 25 June 2024

Summary

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.

Affected Version(s)

WhatsUp Gold Windows 2023.1.0

References

https://www.progress.com/network-monitoring

product

https://community.progress.com/s/article/WhatsUp-Gold-Sec...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
May 16, 2024

Collectors

NVD DatabaseMitre Database

Credit

Abdessamad Lahlali of Trend Micro.