
Progress WhatsUp Gold

57 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-2572
< 24.0.3
In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to
5.6 MEDIUM
CVE-2024-12108
>= 23.1.0 and < 24.0.2
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
9.6 CRITICAL
CVE-2024-12106
>= 23.1.0 and < 24.0.2
In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.
9.4 CRITICAL
CVE-2024-12105
>= 23.1.0 and < 24.0.2
In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead t
6.5 MEDIUM
CVE-2024-8785
< 24.0.1
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change
9.8 CRITICAL
CVE-2024-46909
< 24.0.1
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute
9.8 CRITICAL
CVE-2024-46908
< 24.0.1
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at l
8.8 HIGH
CVE-2024-46907
< 24.0.1
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at l
8.8 HIGH
CVE-2024-46906
< 24.0.1
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at l
8.8 HIGH
CVE-2024-46905
< 24.0.1
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at
8.8 HIGH
CVE-2024-7763
< 24.0
In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain enc
9.8 CRITICAL
CVE-2024-6672
< 24.0
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker t
8.8 HIGH
CVE-2024-6671
>= 23.1.0 and < 24.0
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulne
9.8 CRITICAL
CVE-2024-6670
< 24.0
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve t
9.8 CRITICAL
CVE-2024-5019
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Cont
5.3 MEDIUM
CVE-2024-5018
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Control
5.3 MEDIUM
CVE-2024-5017
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTT
6.5 MEDIUM
CVE-2024-5016
< 23.1.0
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization
7.2 HIGH
CVE-2024-5015
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionCon
7.1 HIGH
CVE-2024-5014
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature
7.1 HIGH
CVE-2024-5013
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unaut
7.5 HIGH
CVE-2024-5012
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials.
8.6 HIGH
CVE-2024-5011
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted
7.5 HIGH
CVE-2024-5010
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially craft
7.5 HIGH
CVE-2024-5009
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallControll
8.4 HIGH
CVE-2024-5008
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file a
8.8 HIGH
CVE-2024-4885
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold
9.8 CRITICAL
CVE-2024-4884
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold
9.8 CRITICAL
CVE-2024-4883
< 23.1.3
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerabili
9.8 CRITICAL
CVE-2024-4562
< 23.1.2
In WhatsUp Gold versions released before 2023.1.2, an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Mo
5.4 MEDIUM
CVE-2024-4561
< 23.1.2
In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that a
4.2 MEDIUM
CVE-2023-6595
< 23.1.0
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possib
7.5 HIGH
CVE-2023-6368
< 23.1.0
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possib
5.9 MEDIUM
CVE-2023-6367
< 23.1.0
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is pos
7.6 HIGH
CVE-2023-6366
< 23.1.0
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is pos
7.6 HIGH
CVE-2023-6365
< 23.1.0
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is pos
7.6 HIGH
CVE-2023-6364
< 23.1.0
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is po
7.6 HIGH
CVE-2023-35759
< 23.0.0
In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This c
6.1 MEDIUM
CVE-2022-42711
< 22.1.0
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. Thi
9.6 CRITICAL
CVE-2022-29848
>= 17.0.0 and <= 21.1.1
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API tra
6.5 MEDIUM
CVE-2022-29847
>= 21.0.0 and <= 21.1.1
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an A
7.5 HIGH
CVE-2022-29846
>= 16.1 and <= 21.1.1
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the Wh
5.3 MEDIUM
CVE-2022-29845
all versions
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API tra
6.5 MEDIUM
CVE-2021-41318
< 21.1.0
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which cou
6.1 MEDIUM
CVE-2018-8939
< 18.0
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially craft
9.8 CRITICAL
CVE-2018-8938
< 18.0
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can in
9.8 CRITICAL
CVE-2018-5778
< 17.1.1
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present
9.8 CRITICAL
CVE-2018-5777
< 17.1.1
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfigur
9.8 CRITICAL
CVE-2016-1000000
<= 16.4
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
8.8 HIGH
CVE-2015-8261
all versions
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objec
9.8 CRITICAL
CVE-2015-6005
<= 16.3
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrar
6.9 MEDIUM
CVE-2015-6004
<= 16.3
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL comman
6.5 MEDIUM
CVE-2012-4344
all versions
Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or
CVE-2012-2601
all versions
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQ
CVE-2007-2602
all versions
Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or e
CVE-2004-0799
all versions
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash
CVE-2004-0798
all versions
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute ar
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin