Security Advisory

CVE-2024-5015

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-06-25 20:15:07

Last updated 2024-08-01 20:55:10

Assigner ProgressSoftware

State PUBLISHED

Description

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to Admin.

← Browse all CVEs View on cve.org ↗