CVE-2024-4884
Published 2024-06-25
Priority: P180 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 24.31% (97.6th percentile)
Progress WhatsUp Gold versions released before 2023.1.3 contain an unauthenticated remote code execution vulnerability. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | whatsup_gold | < 23.1.3 | 23.1.3 |
| progress_software_corporation | whatsup_gold | >= 2023.1.0 < 2023.1.3 | 2023.1.3 |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2024-6162 [HIGH] undertow: url-encoded request path information can be broken on ajp-listener
bugzilla·2024-06-19·CVSS 7.5
URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed, ending in a possible denial of service.
Discussion:
This issue has been addressed in the following products:
Red Hat build of Apache Camel 4.4.1 for Spring Boot
Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884
Bugzilla
CVE-2024-23081 [LOW] threetenbp: null pointer exception
bugzilla·2024-04-09·CVSS 3.3
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate).
http://threeten.com
https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3
https://github.com/ThreeTen/threetenbp
Discussion:
This issue has been addressed in the following products:
Red Hat build of Apache Camel 4.4.1 for Spring Boot
Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884
Bugzilla
CVE-2023-51079 [MEDIUM] mvel: TimeOut error when calling ParseTools.subCompileExpression() function
bugzilla·2023-12-28·CVSS 5.3
A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final.
https://github.com/mvel/mvel/issues/348
Discussion:
The https://github.com/mvel/mvel/issues/348 was disputed and closed. This should not really be reported to other products.
---
I can't close all product tracking Jiras. Please close the remaining ones.
---
This issue has been addressed in the following products:
Red Hat build of Apache Camel 4.4.1 for Spring Boot
Via RHSA-2024:4884 https://access.redhat.com/errata/RHSA-2024:4884