CVE-2024-4561

In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2	Vendor Advisory
https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2	Vendor Advisory
https://www.progress.com/network-monitoring	Product
https://www.progress.com/network-monitoring	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

History

09 Dec 2024, 13:31

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:progress:whatsup_gold::::::::
References	~~() https://www.progress.com/network-monitoring -~~	() https://www.progress.com/network-monitoring - Product
References	~~() https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2 -~~	() https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2 - Vendor Advisory
First Time		Progress Progress whatsup Gold
CWE		CWE-918

14 May 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 21:15

Updated : 2024-12-09 13:31

NVD link : CVE-2024-4561

Mitre link : CVE-2024-4561

JSON object : View

Products Affected

progress

whatsup_gold

CWE

CWE-918

Server-Side Request Forgery (SSRF)

5.3 /10