CVE-2024-5017 — Vulnetix

CVE-2024-5017 PUBLISHED CVSS 6.5 MEDIUM

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure.

EPSS 1.17% · 79.0th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

1.17%

79.0th percentile

Affected Products

Vendor	Product	Versions
progress	whatsup_gold	2023.1.0, 2023.1.0, 2023.1.0
Progress Software Corporation	WhatsUp Gold	2023.1.0, 2023.1.0, 2023.1.0
progress	whatsup_gold	0, 0, 0

Timeline

Jun 25, 2024 CVE Published
Jun 26, 2024 EPSS Score
Jul 18, 2024 EPSS Score
Aug 10, 2024 EPSS Score
Sep 23, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 16, 2024 EPSS Score
Nov 7, 2024 EPSS Score
Nov 29, 2024 EPSS Score
Dec 23, 2024 EPSS Score
Feb 5, 2025 EPSS Score
Feb 28, 2025 EPSS Score

References

https://www.progress.com/network-monitoring url
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 vendor-advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1932 url
https://nvd.nist.gov/vuln/detail/CVE-2024-5017 advisory

Open in Interactive Console →