Every CVE whose affected-product data names Progress Whatsup Gold, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (56)
CVE-2024-4883 — CVSS 9.8 (critical): In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows…
CVE-2018-8939 — CVSS 9.8 (critical): An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted…
CVE-2024-46909 — CVSS 9.8 (critical): In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in…
CVE-2024-6671 — CVSS 9.8 (critical): In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability…
CVE-2024-4884 — CVSS 9.8 (critical): In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The…
CVE-2024-8785 — CVSS 9.8 (critical): In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an…
CVE-2015-8261 — CVSS 9.8 (critical): The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which…
CVE-2024-7763 — CVSS 9.8 (critical): In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user…
CVE-2018-5777 — CVSS 9.8 (critical): An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in…
CVE-2018-5778 — CVSS 9.8 (critical): An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the…
CVE-2018-8938 — CVSS 9.8 (critical): A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a…
CVE-2022-42711 — CVSS 9.6 (critical): In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could…
CVE-2024-12108 — CVSS 9.6 (critical): In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
CVE-2024-12106 — CVSS 9.4 (critical): In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.
CVE-2024-46905 — CVSS 8.8 (high): In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least…
CVE-2024-46906 — CVSS 8.8 (high): In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least…
CVE-2024-46907 — CVSS 8.8 (high): In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least…
CVE-2024-46908 — CVSS 8.8 (high): In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least…
CVE-2024-6672 — CVSS 8.8 (high): In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve…
CVE-2024-5008 — CVSS 8.8 (high): In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain…
CVE-2024-5012 — CVSS 8.6 (high): In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This…
CVE-2024-5009 — CVSS 8.4 (high): In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdmin…
CVE-2007-2602 — CVSS 7.8 (high): Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute…
CVE-2023-6367 — CVSS 7.6 (high): In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for…
CVE-2023-6364 — CVSS 7.6 (high): In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for…
CVE-2023-6366 — CVSS 7.6 (high): In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for…
CVE-2023-6365 — CVSS 7.6 (high): In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for…
CVE-2004-0798 — CVSS 7.5 (high): Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary…
CVE-2012-2601 — CVSS 7.5 (high): SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL…
CVE-2022-29847 — CVSS 7.5 (high): In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API…
CVE-2023-6595 — CVSS 7.5 (high): In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an…
CVE-2024-5010 — CVSS 7.5 (high): In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted…
CVE-2024-5011 — CVSS 7.5 (high): In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted…
CVE-2024-5013 — CVSS 7.5 (high): In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated…
CVE-2024-5016 — CVSS 7.2 (high): In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to…
CVE-2024-5015 — CVSS 7.1 (high): In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Upda…
CVE-2024-5014 — CVSS 7.1 (high): In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This…
CVE-2015-6005 — CVSS 6.9 (medium): Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web…
CVE-2024-12105 — CVSS 6.5 (medium): In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to…
CVE-2022-29848 — CVSS 6.5 (medium): In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction…
CVE-2024-5017 — CVSS 6.5 (medium): In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request…
CVE-2022-29845 — CVSS 6.5 (medium): In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction…
CVE-2015-6004 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via…
CVE-2023-35759 — CVSS 6.1 (medium): In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could…
CVE-2023-6368 — CVSS 5.9 (medium): In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an…
CVE-2025-2572 — CVSS 5.6 (medium): In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the…
CVE-2024-4562 — CVSS 5.4 (medium): In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring…
CVE-2024-5019 — CVSS 5.3 (medium): In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.Sessi…
CVE-2024-5018 — CVSS 5.3 (medium): In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.Sessi…
CVE-2022-29846 — CVSS 5.3 (medium): In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp…
CVE-2004-0799 — CVSS 5.0 (medium): The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a…
CVE-2012-4344 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2024-4561 — CVSS 4.2 (medium): In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an…