CVE-2024-4885 (GCVE-0-2024-4885)

Vulnerability from cvelistv5 – Published: 2024-06-25 19:48 – Updated: 2025-10-21 22:56
VLAI? CISA KEV
Title
WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability
Summary
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Vendor Product Version
Progress Software Corporation WhatsUp Gold Affected: 2023.1.0 , < 2023.1.3 (semver)
Create a notification for this product.
Credits
Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: aef35cd6-09c1-46ef-acbc-65df705001b1

Vulnerability ID: CVE-2024-4885

Status: Confirmed

Status Updated: 2025-03-03 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2025-03-03
Asserted: 2025-03-03
Scope
Notes: KEV entry: Progress WhatsUp Gold Path Traversal Vulnerability | Affected: Progress / WhatsUp Gold | Description: Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-4885
Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details
Cwes CWE-22
Feed CISA Known Exploited Vulnerabilities Catalog
Product WhatsUp Gold
Due Date 2025-03-24
Date Added 2025-03-03
Vendorproject Progress
Vulnerabilityname Progress WhatsUp Gold Path Traversal Vulnerability
Knownransomwarecampaignuse Unknown
References
Created: 2026-02-02 12:26 UTC | Updated: 2026-02-02 12:26 UTC
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "whatsup_gold",
            "vendor": "progress",
            "versions": [
              {
                "lessThan": "2023.1.3",
                "status": "affected",
                "version": "2023.1.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4885",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-03T20:12:05.609998Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4885"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:56:21.609Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4885"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-03-03T00:00:00+00:00",
            "value": "CVE-2024-4885 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:55:10.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "product",
              "x_transferred"
            ],
            "url": "https://www.progress.com/network-monitoring"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "API Endpoint"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "WhatsUp Gold",
          "vendor": "Progress Software Corporation",
          "versions": [
            {
              "lessThan": "2023.1.3",
              "status": "affected",
              "version": "2023.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In WhatsUp Gold versions released before 2023.1.3,\u003cspan style=\"background-color: rgba(161, 189, 217, 0.08);\"\u003e\u0026nbsp;an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.\u0026nbsp;\u0026nbsp;T\u003cspan style=\"background-color: rgba(161, 189, 217, 0.08);\"\u003ehe \u003c/span\u003e\u003ccode\u003e\n\nWhatsUp.ExportUtilities.Export.GetFileWithoutZip\n\n\u003c/code\u003e\n\n allows execution of commands with \u003c/span\u003e\u003ccode\u003eiisapppool\\nmconsole\u003c/code\u003e\u003cspan style=\"background-color: rgba(161, 189, 217, 0.08);\"\u003e privileges.\u003c/span\u003e"
            }
          ],
          "value": "In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.\u00a0\u00a0The \n\nWhatsUp.ExportUtilities.Export.GetFileWithoutZip\n\n\n\n allows execution of commands with iisapppool\\nmconsole privileges."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-113",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-113 API Manipulation"
            }
          ]
        },
        {
          "capecId": "CAPEC-562",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-562 Modify Shared File"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T19:48:15.268Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.progress.com/network-monitoring"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2024-4885",
    "datePublished": "2024-06-25T19:48:15.268Z",
    "dateReserved": "2024-05-14T18:28:11.852Z",
    "dateUpdated": "2025-10-21T22:56:21.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-4885",
      "cwes": "[\"CWE-22\"]",
      "dateAdded": "2025-03-03",
      "dueDate": "2025-03-24",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-4885",
      "product": "WhatsUp Gold",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution.",
      "vendorProject": "Progress",
      "vulnerabilityName": "Progress WhatsUp Gold Path Traversal Vulnerability"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"23.1.3\", \"matchCriteriaId\": \"C22487E3-6723-40C7-86A0-764EBAA37A55\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In WhatsUp Gold versions released before 2023.1.3,\\u00a0an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.\\u00a0\\u00a0The \\n\\nWhatsUp.ExportUtilities.Export.GetFileWithoutZip\\n\\n\\n\\n allows execution of commands with iisapppool\\\\nmconsole privileges.\"}, {\"lang\": \"es\", \"value\": \"En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se detect\\u00f3 una vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo no autenticada en WhatsUpGold en curso.  WhatsUp.ExportUtilities.Export.GetFileWithoutZip permite la ejecuci\\u00f3n de comandos con privilegios de iisapppool\\\\nmconsole.\"}]",
      "id": "CVE-2024-4885",
      "lastModified": "2024-11-21T09:43:47.450",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@progress.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-06-25T20:15:12.970",
      "references": "[{\"url\": \"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024\", \"source\": \"security@progress.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.progress.com/network-monitoring\", \"source\": \"security@progress.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.progress.com/network-monitoring\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}]",
      "sourceIdentifier": "security@progress.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@progress.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-4885\",\"sourceIdentifier\":\"security@progress.com\",\"published\":\"2024-06-25T20:15:12.970\",\"lastModified\":\"2025-10-31T21:57:19.860\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In WhatsUp Gold versions released before 2023.1.3,\u00a0an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.\u00a0\u00a0The \\n\\nWhatsUp.ExportUtilities.Export.GetFileWithoutZip\\n\\n\\n\\n allows execution of commands with iisapppool\\\\nmconsole privileges.\"},{\"lang\":\"es\",\"value\":\"En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo no autenticada en WhatsUpGold en curso.  WhatsUp.ExportUtilities.Export.GetFileWithoutZip permite la ejecuci\u00f3n de comandos con privilegios de iisapppool\\\\nmconsole.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-03-03\",\"cisaActionDue\":\"2025-03-24\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Progress WhatsUp Gold Path Traversal Vulnerability\",\"weaknesses\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"23.1.3\",\"matchCriteriaId\":\"C22487E3-6723-40C7-86A0-764EBAA37A55\"}]}]}],\"references\":[{\"url\":\"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024\",\"source\":\"security@progress.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.progress.com/network-monitoring\",\"source\":\"security@progress.com\",\"tags\":[\"Product\"]},{\"url\":\"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.progress.com/network-monitoring\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4885\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"affected\", \"modules\": [\"API Endpoint\"], \"platforms\": [\"Windows\"], \"product\": \"WhatsUp Gold\", \"vendor\": \"Progress Software Corporation\", \"versions\": [{\"lessThan\": \"2023.1.3\", \"status\": \"affected\", \"version\": \"2023.1.0\", \"versionType\": \"semver\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) working with Trend Micro Zero Day Initiative\"}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"In WhatsUp Gold versions released before 2023.1.3,\u003cspan style=\\\"background-color: rgba(161, 189, 217, 0.08);\\\"\u003e\u0026nbsp;an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.\u0026nbsp;\u0026nbsp;T\u003cspan style=\\\"background-color: rgba(161, 189, 217, 0.08);\\\"\u003ehe \u003c/span\u003e\u003ccode\u003e\\n\\nWhatsUp.ExportUtilities.Export.GetFileWithoutZip\\n\\n\u003c/code\u003e\\n\\n allows execution of commands with \u003c/span\u003e\u003ccode\u003eiisapppool\\\\nmconsole\u003c/code\u003e\u003cspan style=\\\"background-color: rgba(161, 189, 217, 0.08);\\\"\u003e privileges.\u003c/span\u003e\"}], \"value\": \"In WhatsUp Gold versions released before 2023.1.3,\\u00a0an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.\\u00a0\\u00a0The \\n\\nWhatsUp.ExportUtilities.Export.GetFileWithoutZip\\n\\n\\n\\n allows execution of commands with iisapppool\\\\nmconsole privileges.\"}], \"impacts\": [{\"capecId\": \"CAPEC-113\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-113 API Manipulation\"}]}, {\"capecId\": \"CAPEC-562\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-562 Modify Shared File\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"shortName\": \"ProgressSoftware\", \"dateUpdated\": \"2024-06-25T19:48:15.268Z\"}, \"references\": [{\"tags\": [\"product\"], \"url\": \"https://www.progress.com/network-monitoring\"}, {\"tags\": [\"vendor-advisory\"], \"url\": \"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:55:10.084Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"product\", \"x_transferred\"], \"url\": \"https://www.progress.com/network-monitoring\"}, {\"tags\": [\"vendor-advisory\", \"x_transferred\"], \"url\": \"https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024\"}]}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4885\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-03T20:12:05.609998Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-03-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4885\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:progress:whatsup_gold:2023.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"progress\", \"product\": \"whatsup_gold\", \"versions\": [{\"status\": \"affected\", \"version\": \"2023.1.0\", \"lessThan\": \"2023.1.3\", \"versionType\": \"semver\"}], \"defaultStatus\": \"affected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-25T20:32:50.175Z\"}, \"timeline\": [{\"time\": \"2025-03-03T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2024-4885 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-4885\", \"assignerOrgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"ProgressSoftware\", \"dateReserved\": \"2024-05-14T18:28:11.852Z\", \"datePublished\": \"2024-06-25T19:48:15.268Z\", \"dateUpdated\": \"2025-07-28T19:42:13.296Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.