ByteOS Network

NVD Vulnerability Details :

CVE-2024-5009

Analyzed

Source-security@progress.com

Published At-25 Jun, 2024 | 20:15

Updated At-06 Sep, 2024 | 22:43

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Progress Software Corporation

>>whatsup_gold>>Versions before 23.1.3(exclusive)

cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-269	Secondary	security@progress.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-269

Type: Secondary

Source: security@progress.com

References

Hyperlink	Source	Resource
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024	security@progress.com	Vendor Advisory
https://www.progress.com/network-monitoring	security@progress.com	Product

Hyperlink: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

Source: security@progress.com

Resource:

Vendor Advisory

Hyperlink: https://www.progress.com/network-monitoring

Source: security@progress.com

Resource:

Product

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History