In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The

WhatsUp.ExportUtilities.Export.GetFileWithoutZip



allows execution of commands with iisapppool\nmconsole privileges.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 04 Mar 2025 08:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

kev

{'dateAdded': '2025-03-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 04 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Sep 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Progress
Progress whatsup Gold
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
Vendors & Products Progress
Progress whatsup Gold

cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2025-07-30T01:37:00.341Z

Reserved: 2024-05-14T18:28:11.852Z

Link: CVE-2024-4885

cve-icon Vulnrichment

Updated: 2024-08-01T20:55:10.084Z

cve-icon NVD

Status : Modified

Published: 2024-06-25T20:15:12.970

Modified: 2025-03-04T02:00:01.987

Link: CVE-2024-4885

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.