📦 Whatsup Gold
by Progress
🔍 What is Whatsup Gold?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows unauthenticated attackers to configure LDAP settings in WhatsUp Gold, potentially enabling them to redirect authentication to malicious LDAP servers or disrupt legitimate aut...
CVE-2024-46909 is a critical remote code execution vulnerability in WhatsUp Gold network monitoring software. Unauthenticated attackers can exploit this to execute arbitrary code with service account ...
This vulnerability allows remote unauthenticated attackers to modify registry values in WhatsUp Gold installations, potentially enabling system compromise. It affects WhatsUp Gold versions before 2024...
WhatsUp Gold versions before 2024.0.0 contain an authentication bypass vulnerability that allows attackers to obtain encrypted user credentials without proper authentication. This affects all organiza...
An unauthenticated SQL injection vulnerability in WhatsUp Gold allows attackers to retrieve encrypted user passwords. This affects all WhatsUp Gold versions before 2024.0.0. Organizations using vulner...
This vulnerability allows unauthenticated remote attackers to execute arbitrary code on WhatsUp Gold systems through the NmApi.exe component. Attackers can achieve remote code execution as a service a...
An unauthenticated remote code execution vulnerability in Progress WhatsUp Gold allows attackers to execute arbitrary commands with IIS application pool privileges. This affects WhatsUp Gold versions ...
A SQL injection vulnerability in WhatsUp Gold versions before 2024.0.1 allows authenticated users with Network Manager permissions to escalate privileges to admin accounts. This affects organizations ...
A SQL injection vulnerability in WhatsUp Gold allows authenticated users with at least Report Viewer permissions to escalate privileges to admin accounts. This affects WhatsUp Gold versions before 202...
A SQL injection vulnerability in WhatsUp Gold allows authenticated low-privileged users (with at least Report Viewer permissions) to escalate privileges to admin accounts. This affects all WhatsUp Gol...
A SQL injection vulnerability in WhatsUp Gold allows authenticated users with Report Viewer permissions to escalate privileges to admin accounts. This affects WhatsUp Gold versions before 2024.0.1. At...
This SQL injection vulnerability in WhatsUp Gold allows authenticated low-privileged users to modify privileged user passwords, leading to privilege escalation. It affects all WhatsUp Gold versions be...
An unauthenticated Denial of Service vulnerability in WhatsUp Gold allows attackers to force the application into the SetAdminPassword installation step, making it inaccessible. This affects all Whats...
This vulnerability allows authenticated low-privileged users in WhatsUp Gold to perform server-side request forgery (SSRF) attacks. By chaining this SSRF with an improper access control vulnerability,...
This vulnerability allows local attackers to modify the administrator password in WhatsUp Gold through improper access control in the SetAdminPassword function. It affects WhatsUp Gold versions before...
An unauthenticated attacker can send specially crafted HTTP requests to the TestController Chart functionality in WhatsUp Gold, causing uncontrolled resource consumption and denial of service. This af...
CVE-2023-6595 is an authentication bypass vulnerability in WhatsUp Gold network monitoring software. Unauthenticated attackers can access an API endpoint to enumerate credential information stored in ...
This stored XSS vulnerability in WhatsUp Gold allows attackers to inject malicious JavaScript into the Alert Center. When users interact with the crafted payload, the attacker can execute arbitrary co...
A stored cross-site scripting (XSS) vulnerability in WhatsUp Gold allows attackers to inject malicious JavaScript into dashboard components. When users interact with these components, the attacker can...
This vulnerability allows unauthenticated attackers to invoke an API transaction that relays encrypted WhatsUp Gold user credentials to arbitrary hosts. It affects Progress Ipswitch WhatsUp Gold versi...
An unauthenticated database manipulation vulnerability in WhatsUp Gold allows attackers to modify the WrlsMacAddressGroup table without credentials. This affects all WhatsUp Gold installations running...
This vulnerability allows authenticated users of WhatsUp Gold to craft HTTP requests that can disclose sensitive information. It affects all WhatsUp Gold versions before 2024.0.2. The vulnerability st...
This path traversal vulnerability in WhatsUp Gold allows unauthenticated attackers to access files outside the intended directory via specially crafted HTTP requests to AppProfileImport. It affects Wh...
This vulnerability allows unauthenticated attackers to read arbitrary files on WhatsUp Gold servers with IIS application pool privileges. It affects WhatsUp Gold versions before 2023.1.3, potentially ...
This SSRF vulnerability in WhatsUp Gold allows authenticated users to make unauthorized HTTP requests through the HTTP Monitoring functionality. Attackers could potentially access internal systems or ...