Unauthenticated Path Traversal Vulnerability in WhatsUp Gold Web-Root Directory
CVE-2024-5018

7.5HIGH

Key Information:

Vendor: Progress Software
Status: Whatsup Gold
Vendor: CVE Published:; 25 June 2024

Summary

The vulnerability in WhatsUp Gold allows an attacker to exploit an unauthenticated Path Traversal flaw within the SessionController.LoadNMScript functionality. This security issue enables unauthorized users to read any file stored in the application's web-root directory, posing a significant risk to the integrity and confidentiality of sensitive information. Users of WhatsUp Gold should ensure they are running versions 2023.1.3 or later to mitigate this vulnerability and safeguard their network operations.

Affected Version(s)

WhatsUp Gold Windows 2023.1.0

References

https://www.progress.com/network-monitoring

product

https://community.progress.com/s/article/WhatsUp-Gold-Sec...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
May 16, 2024

Collectors

NVD DatabaseMitre Database

Credit

Abdessamad Lahlali of Trend Micro.