Published
2024-06-25
·
Updated
2025-08-04
·
CVE-2024-5009
8.4
High
| Base vector | Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
**Name of the Vulnerable Software and Affected Versions:**
Progress WhatsUp Gold versions prior to 2023.1.3
**Description:**
An Improper Access Control vulnerability exists in the `Wug.UI.Controllers.InstallController.SetAdminPassword` component of WhatsUp Gold. This vulnerability allows local attackers to modify the administrator's password.
**Recommendations:**
Update WhatsUp Gold to version 2023.1.3 or later.
Exploit
Fix
Improper Privilege Management