CVE-2024-4562: WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via HttpMonitorSettings
First published: Tue May 14 2024(Updated: )
In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.
Credit: security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress Software WhatsUp Gold | <23.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-4562?
CVE-2024-4562 has a medium severity rating due to its potential for unauthorized access to HTTP monitoring functionality.
How do I fix CVE-2024-4562?
To fix CVE-2024-4562, upgrade to WhatsUp Gold version 2023.1.2 or later.
Who is affected by CVE-2024-4562?
CVE-2024-4562 affects all versions of WhatsUp Gold prior to version 2023.1.2.
What type of vulnerability is CVE-2024-4562?
CVE-2024-4562 is classified as a server-side request forgery (SSRF) vulnerability.
What can an attacker do with CVE-2024-4562?
An attacker with authenticated access could exploit CVE-2024-4562 to access and manipulate the HTTP monitoring functionality.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/progress
- canonical/progress software whatsup gold