Progress Whatsup_gold

56 CVEs affecting Progress Whatsup_gold. Latest disclosed: 2025-04-14. Critical: 16, High: 21.

Top CVEs affecting Progress Whatsup_gold
CVESeverityScorePublishedSummary
CVE-2024-8785Critical9.82024-12-02In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in…
CVE-2024-46909Critical9.82024-12-02In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the se…
CVE-2024-7763Critical9.82024-10-24In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.
CVE-2024-6671Critical9.82024-08-29In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenti…
CVE-2024-6670Critical9.82024-08-29In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
CVE-2024-4885Critical9.82024-06-25In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtiliti…
CVE-2024-4884Critical9.82024-06-25In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The Apm.UI.Areas.APM.Contro…
CVE-2024-4883Critical9.82024-06-25In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated…
CVE-2018-8939Critical9.82018-05-01An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI exe…
CVE-2018-8938Critical9.82018-05-01A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP…
CVE-2018-5778Critical9.82018-01-24An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, wh…
CVE-2018-5777Critical9.82018-01-24An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that…
CVE-2015-8261Critical9.82016-01-08The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attac…
CVE-2024-12108Critical9.62024-12-31In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
CVE-2022-42711Critical9.62022-10-12In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthentica…
CVE-2024-12106Critical9.42024-12-31In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.
CVE-2024-46908High8.82024-12-02In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permission…
CVE-2024-46907High8.82024-12-02In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permission…
CVE-2024-46906High8.82024-12-02In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permission…
CVE-2024-46905High8.82024-12-02In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permis…