Progress: >> Whatsup Gold >> 17.1.1 Security Vulnerabilities
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
CVSS Score
9.8
EPSS Score
0.024
Published
2024-12-02
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-12-02
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.
CVSS Score
8.8
EPSS Score
0.011
Published
2024-12-02
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-12-02
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-12-02
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required)
to achieve privilege escalation to the admin account.
CVSS Score
8.8
EPSS Score
0.013
Published
2024-12-02
In WhatsUp Gold versions released before 2024.0.0,
an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.
CVSS Score
9.8
EPSS Score
0.009
Published
2024-10-24
CVE-2024-6670
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
Known exploited
CVSS Score
9.8
EPSS Score
0.945
Published
2024-08-29
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.
CVSS Score
8.8
EPSS Score
0.028
Published
2024-08-29
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM.
The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients.
CVSS Score
7.2
EPSS Score
0.009
Published
2024-06-25
Page 1