CVE-2024-4562

In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2
https://www.progress.com/network-monitoring

Configurations

No configuration.

History

15 May 2024, 16:40

Type	Values Removed	Values Added
Summary		(es) En las versiones de WhatsUp Gold lanzadas antes de 2023.1.2, existe una vulnerabilidad SSRF en Whatsup Gold. El problema existe en la funcionalidad de monitoreo HTTP. Debido a la falta de autorización adecuada, cualquier usuario autenticado puede acceder a la funcionalidad de monitoreo HTTP, lo que conduce a Server Side Request Forgery.

14 May 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 21:15

Updated : 2024-05-15 16:40

NVD link : CVE-2024-4562

Mitre link : CVE-2024-4562

CVE.ORG link : CVE-2024-4562

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

5.4 /10