We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | ProgressSoftware |
Reserved | 2024-05-14 |
Published | 2024-06-25 |
Updated | 2024-08-01 |
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative
https://www.progress.com/network-monitoring
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024