PT-2024-31710 · Ipswitch · Whatsup Gold

Abdessamad Lahlali

Published

2024-05-14

Updated

2024-12-09

CVE-2024-4562

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.2

Description: A Server Side Request Forgery (SSRF) vulnerability exists in WhatsUp Gold's HTTP Monitoring functionality due to the lack of proper authorization. Any authenticated user can access the HTTP monitoring functionality, leading to the SSRF vulnerability.

Recommendations: For versions prior to 2023.1.2, update to version 2023.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP monitoring functionality to minimize the risk of exploitation.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2024-4562

ZDI-24-516

Affected Products

Whatsup Gold

PT-2024-31710 · Ipswitch · Whatsup Gold

CVE-2024-4562

Weakness Enumeration

Related Identifiers

Affected Products

References · 8