CVE-2024-4562

low-risk

Published 2024-05-14

In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Whatsup Gold

Affected Vendors

Progress

References (4)

Vendor Advisory https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2

Product https://www.progress.com/network-monitoring

Vendor Advisory https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2

Product https://www.progress.com/network-monitoring

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal