CVE-2024-4883

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.
Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

History

06 Sep 2024, 22:46

Type Values Removed Values Added
First Time Progress
Progress whatsup Gold
CPE cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
References () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - () https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 - Vendor Advisory
References () https://www.progress.com/network-monitoring - () https://www.progress.com/network-monitoring - Product
CWE NVD-CWE-noinfo

26 Jun 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe un problema de ejecución remota de código en Progress WhatsUp Gold. Esta vulnerabilidad permite que un atacante no autenticado obtenga RCE como cuenta de servicio a través de NmApi.exe.

25 Jun 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-25 20:15

Updated : 2024-09-06 22:46


NVD link : CVE-2024-4883

Mitre link : CVE-2024-4883

CVE.ORG link : CVE-2024-4883


JSON object : View

Products Affected

progress

  • whatsup_gold
CWE
NVD-CWE-noinfo CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-94

Improper Control of Generation of Code ('Code Injection')