CVE-2024-4561

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.2

Description: A blind Server-Side Request Forgery (SSRF) vulnerability exists in WhatsUp Gold's FaviconController, allowing an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. This issue enables the attacker to potentially access internal resources or services that are not directly accessible from the outside, by proxying their requests through the vulnerable server.

Recommendations: For versions prior to 2023.1.2, update to version 2023.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the FaviconController to minimize the risk of exploitation.