CVE-2024-5014 HIGH

CVE-2024-5014: WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure

Vendor Progress Software Corporation

Product WhatsUp Gold

Weakness CWE-918 · SSRF

Published June 25, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML form.

Key dates

02Disclosure timeline

June 25, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5014 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2026-39922 GeoNode SSRF via Service Registration CVE-2026-10239 JeecgBoot edit WordUtil.addImage server-side request forgery CVE-2026-34476 Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server CVE-2026-44971 GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration CVE-2025-11467 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery

Identifiers

CVE CVE-2024-5014

CWE CWE-918

CVSS 7.1 / HIGH

Affected versions

Vendor Progress Software Corporation

Product WhatsUp Gold

Affected ≥ 2023.1.0 and < 2023.1.3