Vulnerability Details CVE-2024-5008
In WhatsUp Gold versions released before 2023.1.3,
an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2024-5008
-
cpe:2.3:a:progress:whatsup_gold:-
-
cpe:2.3:a:progress:whatsup_gold:11
-
cpe:2.3:a:progress:whatsup_gold:15.02
-
cpe:2.3:a:progress:whatsup_gold:16.3
-
cpe:2.3:a:progress:whatsup_gold:16.4
-
cpe:2.3:a:progress:whatsup_gold:17.1.1
-
cpe:2.3:a:progress:whatsup_gold:18.0
-
cpe:2.3:a:progress:whatsup_gold:21.1.0
-
cpe:2.3:a:progress:whatsup_gold:21.1.1
-
cpe:2.3:a:progress:whatsup_gold:21.1.2
-
cpe:2.3:a:progress:whatsup_gold:22.0.0
-
cpe:2.3:a:progress:whatsup_gold:22.0.1
-
cpe:2.3:a:progress:whatsup_gold:22.0.2
-
cpe:2.3:a:progress:whatsup_gold:22.1.0
-
cpe:2.3:a:progress:whatsup_gold:23.0.0
-
cpe:2.3:a:progress:whatsup_gold:23.0.1
-
cpe:2.3:a:progress:whatsup_gold:23.0.2
-
cpe:2.3:a:progress:whatsup_gold:23.1.0
-
cpe:2.3:a:progress:whatsup_gold:23.1.1
-
cpe:2.3:a:progress:whatsup_gold:23.1.2
-
cpe:2.3:a:progress:whatsup_gold:7.0
-
cpe:2.3:a:progress:whatsup_gold:7.03
-
cpe:2.3:a:progress:whatsup_gold:7.04
-
cpe:2.3:a:progress:whatsup_gold:8.0
-
cpe:2.3:a:progress:whatsup_gold:8.01
-
cpe:2.3:a:progress:whatsup_gold:8.03