VDB

GCVE-110-NCSC-2024-268

GCVE-110-NCSC-2024-268
Advisory PublishedCVSS 9.8/10
Vulnetix · Advisory published June 26, 2024
Progress heeft kwetsbaarheden verholpen in WhatsUp Gold.

Weaknesses (CWE)

CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-434Unrestricted Upload of File with Dangerous TypeCWE-269Improper Privilege ManagementCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-400Uncontrolled Resource ConsumptionCWE-287Improper AuthenticationCWE-918Server-Side Request Forgery (SSRF)CWE-502Deserialization of Untrusted Data

Risk Scores

CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
progress_software_corporationwhatsup_gold

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›