VYPR
Unrated severityCISA KEVNVD Advisory· Published Jun 25, 2024· Updated Oct 21, 2025

WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability

CVE-2024-4885

Description

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The

WhatsUp.ExportUtilities.Export.GetFileWithoutZip

allows execution of commands with iisapppool\nmconsole privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

1