Progress WhatsUp Gold vulnerabilities
56 known vulnerabilities affecting progress/whatsup_gold.
Total CVEs: 56
CISA KEV: 2 (actively exploited)
Public exploits: 12
Exploited in wild: 3
Severity breakdown: CRITICAL 13, HIGH 22, MEDIUM 21
Vulnerabilities
Page 3 of 3
CVE-2024-5013 | P3 | HIGH | CVSS 7.5 | CWE-400 | fixed in 23.1.3 | 2024-06-25
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.
nvd
CVE-2024-8785 | P3 | MEDIUM | CVSS 5.3 | CWE-648 | fixed in 24.0.1 | 2024-12-02
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
nvd
CVE-2024-5017 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | fixed in 23.1.3 | 2024-06-25
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead to information disclosure.
nvd
CVE-2024-5014 | P3 | MEDIUM | CVSS 6.5 | CWE-918 | fixed in 23.1.3 | 2024-06-25
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.
nvd
CVE-2023-6368 | P4 | MEDIUM | CVSS 5.3 | CWE-306 | fixed in 23.1.0 | 2023-12-14
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.
nvd
CVE-2025-2572 | P4 | MEDIUM | CVSS 5.3 | CWE-287 | fixed in 24.0.3 | 2025-04-14
In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup.
nvd
CVE-2007-2602 | P4 | HIGH | CVSS 7.8 | v11 | 2007-05-11
Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE
nvd
CVE-2023-6595 | P4 | MEDIUM | CVSS 5.3 | CWE-306 | fixed in 23.1.0 | 2023-12-14
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
nvd
CVE-2024-4562 | P4 | MEDIUM | CVSS 5.4 | CWE-918 | fixed in 23.1.2 | 2024-05-14
In WhatsUp Gold versions released before 2023.1.2, an SSRF vulnerability exists in WhatsUp Gold's HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, which leads to Server Side Request Forgery.
nvd
CVE-2024-4561 | P4 | MEDIUM | CVSS 5.3 | CWE-918 | fixed in 23.1.2 | 2024-05-14
In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in WhatsUp Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.
nvd
CVE-2015-6005 | P4 | MEDIUM | CVSS 6.9 | CWE-79 | ≤ 16.3 | 2015-12-27
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task
nvd
CVE-2023-6367 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 23.1.0 | 2023-12-14
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within Roles.
If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the vi
nvd
CVE-2023-6366 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 23.1.0 | 2023-12-14
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within Alert Center.
If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of
nvd
CVE-2023-6365 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 23.1.0 | 2023-12-14
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within a device group.
If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context
nvd
CVE-2023-6364 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 23.1.0 | 2023-12-14
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft an XSS payload and store that value within a dashboard component.
If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the
nvd
CVE-2004-0799 | P4 | MEDIUM | CVSS 5.0 | v7.0, v7.03, +4 more | 2004-10-20
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".
nvd