{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-5011", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2024-05-16T15:59:52.081Z", "datePublished": "2024-06-25T20:01:47.996Z", "dateUpdated": "2024-06-26T19:09:09.082Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["API Endpoint"], "platforms": ["Windows"], "product": "WhatsUp Gold", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "2023.1.3", "status": "affected", "version": "2023.1.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Marcin 'Icewall' Noga of Cisco Talos."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">A specially crafted unauthenticated HTTP request</span>&nbsp;to the TestController Chart functionality&nbsp;<span style=\"background-color: rgba(9, 30, 66, 0);\">can lead to denial of service.</span>\n\n<br>"}], "value": "In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists.\u00a0A specially crafted unauthenticated HTTP request\u00a0to the TestController Chart functionality\u00a0can lead to denial of service."}], "impacts": [{"capecId": "CAPEC-227", "descriptions": [{"lang": "en", "value": "CAPEC-227 Sustained Client Engagement"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-06-25T20:01:47.996Z"}, "references": [{"tags": ["product"], "url": "https://www.progress.com/network-monitoring"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1934"}], "source": {"discovery": "UNKNOWN"}, "title": "WhatsUp Gold TestController Chart denial of service vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "progress_software", "product": "whatsup_gold", "cpes": ["cpe:2.3:a:progress_software:whatsup_gold:2023.1.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2023.1.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:09:04.511069Z", "id": "CVE-2024-5011", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:09:09.082Z"}}]}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists.\u00a0A specially crafted unauthenticated HTTP request\u00a0to the TestController Chart functionality\u00a0can lead to denial of service."}, {"lang": "es", "value": "En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad de consumo descontrolado de recursos. Una solicitud HTTP no autenticada especialmente manipulada para la funcionalidad TestController Chart puede provocar una denegaci\u00f3n de servicio."}], "id": "CVE-2024-5011", "lastModified": "2024-06-26T14:15:11.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@progress.com", "type": "Secondary"}]}, "published": "2024-06-25T20:15:13.810", "references": [{"source": "security@progress.com", "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024"}, {"source": "security@progress.com", "url": "https://www.progress.com/network-monitoring"}, {"source": "security@progress.com", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1934"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security@progress.com", "type": "Secondary"}]}

{}