nvd-json-data-feeds/CVE-2024/CVE-2024-48xx/CVE-2024-4885.json

{
  "id": "CVE-2024-4885",
  "sourceIdentifier": "security@progress.com",
  "published": "2024-06-25T20:15:12.970",
  "lastModified": "2024-09-06T22:44:27.840",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.\u00a0\u00a0The \n\nWhatsUp.ExportUtilities.Export.GetFileWithoutZip\n\n\n\n allows execution of commands with iisapppool\\nmconsole privileges."
    },
    {
      "lang": "es",
      "value": "En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo no autenticada en WhatsUpGold en curso.  WhatsUp.ExportUtilities.Export.GetFileWithoutZip permite la ejecuci\u00f3n de comandos con privilegios de iisapppool\\nmconsole."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      },
      {
        "source": "security@progress.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    },
    {
      "source": "security@progress.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "23.1.3",
              "matchCriteriaId": "C22487E3-6723-40C7-86A0-764EBAA37A55"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024",
      "source": "security@progress.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.progress.com/network-monitoring",
      "source": "security@progress.com",
      "tags": [
        "Product"
      ]
    }
  ]
}