Progress Whatsup_gold
56 CVEs affecting Progress Whatsup_gold. Latest disclosed: 2025-04-14. Critical: 16, High: 21.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-8785 | Critical | 9.8 | 2024-12-02 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in… |
CVE-2024-46909 | Critical | 9.8 | 2024-12-02 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the se… |
CVE-2024-7763 | Critical | 9.8 | 2024-10-24 | In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. |
CVE-2024-6671 | Critical | 9.8 | 2024-08-29 | In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenti… |
CVE-2024-6670 | Critical | 9.8 | 2024-08-29 | In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. |
CVE-2024-4885 | Critical | 9.8 | 2024-06-25 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtiliti… |
CVE-2024-4884 | Critical | 9.8 | 2024-06-25 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Contro… |
CVE-2024-4883 | Critical | 9.8 | 2024-06-25 | In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated… |
CVE-2018-8939 | Critical | 9.8 | 2018-05-01 | An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI exe… |
CVE-2018-8938 | Critical | 9.8 | 2018-05-01 | A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP… |
CVE-2018-5778 | Critical | 9.8 | 2018-01-24 | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, wh… |
CVE-2018-5777 | Critical | 9.8 | 2018-01-24 | An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that… |
CVE-2015-8261 | Critical | 9.8 | 2016-01-08 | The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attac… |
CVE-2024-12108 | Critical | 9.6 | 2024-12-31 | In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. |
CVE-2022-42711 | Critical | 9.6 | 2022-10-12 | In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthentica… |
CVE-2024-12106 | Critical | 9.4 | 2024-12-31 | In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. |
CVE-2024-46908 | High | 8.8 | 2024-12-02 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permission… |
CVE-2024-46907 | High | 8.8 | 2024-12-02 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permission… |
CVE-2024-46906 | High | 8.8 | 2024-12-02 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permission… |
CVE-2024-46905 | High | 8.8 | 2024-12-02 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permis… |