CVE-2024-5011

HIGH

Progress Whatsup Gold < 23.1.3 - Denial of Service

Title source: rule

Description

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.

References (3)

[Vendor Advisory] https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024

[Product] https://www.progress.com/network-monitoring

[Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1934

Scores

CVSS v3 7.5

EPSS 0.0722

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-400

Status published

Affected Products (1)

progress/whatsup_gold < 23.1.3

Timeline

Published Jun 25, 2024

Tracked Since Feb 18, 2026