In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
History

Tue, 04 Mar 2025 08:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

kev

{'dateAdded': '2025-03-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 04 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Sep 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Progress
Progress whatsup Gold
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
Vendors & Products Progress
Progress whatsup Gold

cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2025-03-03T20:14:13.636Z

Reserved: 2024-05-14T18:28:11.852Z

Link: CVE-2024-4885

cve-icon Vulnrichment

Updated: 2024-08-01T20:55:10.084Z

cve-icon NVD

Status : Modified

Published: 2024-06-25T20:15:12.970

Modified: 2025-03-04T02:00:01.987

Link: CVE-2024-4885

cve-icon Redhat

No data.