CVE-2024-12105
Published 2024-12-31
CVE-2024-12105: In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure.
Priority: P3 46 | medium | 6.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 42.37% (98.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | whatsup_gold | >= 23.1.0 < 24.0.2 | 24.0.2 |
| progress_software_corporation | whatsup_gold | >= 2023.1.0 < 2024.0.2 | 2024.0.2 |
Suricata
ET WEB_SPECIFIC_APPS Progress WhatsUp Gold SnmpExtendedActiveMonitor Path Traversal Vulnerability (CVE-2024-12105)
suricata·2025-01-22·CVSS 6.5
CVE-2024-12105 [MEDIUM] ET WEB_SPECIFIC_APPS Progress WhatsUp Gold SnmpExtendedActiveMonitor Path Traversal Vulnerability (CVE-2024-12105)
Rule:
```
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Progress WhatsUp Gold SnmpExtendedActiveMonitor Path Traversal Vulnerability (CVE-2024-12105)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/NmConsole/api/core/snmpextendedactivemonitor|3f|xmlFileName|3d|"; fast_pattern; startswith; pcre:"/^[^\x26]*?(?:(?:\x2e|%2[Ee]){1,2}(?:\x2f|\x5c|%5[Cc]|%2[Ff]){1,}){2,}/R"; reference:cve,2024-12105; reference:url,talosintelligence.com/vulnerability_reports/TALOS-2024-2089; classtype:attempted-admin; sid:2059437; rev:1; metadata:affected_product WhatsUp_Gold, attack_target Web_Server, tls_state TLSDecrypt, created_at 2025_01_22, cve CVE_202
```
No public exploits indexed.
Talos
Whatsup Gold, Observium and Offis vulnerabilities
blogs_talos·2025-01-29·CVSS 7.5
[HIGH] Whatsup Gold, Observium and Offis vulnerabilities
Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold.
These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications implementing DICOM (Digital Imaging and Communications in Medicine) standard formats; and WhatsUp Gold, an IT infrastructure management product.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are alw