VYPR

WhatsUp Gold

by WhatsUp Gold

CVEs (17)

  • CVE-2024-6671CriAug 29, 2024
    risk 0.65cvss 9.8epss 0.15

    In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

  • CVE-2024-7763CriOct 24, 2024
    risk 0.64cvss 9.8epss 0.01

    In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.

  • CVE-2024-12108CriDec 31, 2024
    risk 0.63cvss 9.6epss 0.07

    In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.

  • CVE-2024-12106CriDec 31, 2024
    risk 0.62cvss 9.4epss 0.09

    In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.

  • CVE-2024-46908HigDec 2, 2024
    risk 0.57cvss 8.8epss 0.02

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.

  • CVE-2024-46905HigDec 2, 2024
    risk 0.57cvss 8.8epss 0.02

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.

  • CVE-2024-5010HigJun 25, 2024
    risk 0.54cvss 7.5epss 0.70

    In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality.  A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information.

  • CVE-2024-5016HigJun 25, 2024
    risk 0.49cvss 7.2epss 0.22

    In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM.  The vulnerability exists in the main message processing routines NmDistributed.DistributedServic…

  • CVE-2023-6367HigDec 14, 2023
    risk 0.49cvss 7.6epss 0.01

    In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Roles.   If a WhatsUp Gold user interacts with the crafted payload, the…

  • CVE-2023-6366HigDec 14, 2023
    risk 0.49cvss 7.6epss 0.01

    In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center.   If a WhatsUp Gold user interacts with the crafted…

  • CVE-2023-6365HigDec 14, 2023
    risk 0.49cvss 7.6epss 0.01

    In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group.   If a WhatsUp Gold user interacts with the crafted…

  • CVE-2023-6364HigDec 14, 2023
    risk 0.49cvss 7.6epss 0.01

    In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.  It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.   If a WhatsUp Gold user interacts with the…

  • CVE-2024-12105MedDec 31, 2024
    risk 0.46cvss 6.5epss 0.42

    In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure.

  • CVE-2023-6368MedDec 14, 2023
    risk 0.38cvss 5.9epss 0.01

    In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to a registered device being monitored by WhatsUp Gold.

  • CVE-2025-2572MedApr 14, 2025
    risk 0.36cvss 5.6epss 0.00

    In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup.

  • CVE-2024-5019MedJun 25, 2024
    risk 0.35cvss 5.3epss 0.01

    In WhatsUp Gold versions released before 2023.1.3,  an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges.

  • CVE-2024-5018MedJun 25, 2024
    risk 0.35cvss 5.3epss 0.01

    In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory .