In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to Admin.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ProgressSoftware
Published: 2024-06-25T20:15:07.575Z
Updated: 2024-06-26T14:05:36.035Z
Reserved: 2024-05-16T15:59:54.778Z
Link: CVE-2024-5015
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-06-25T21:16:00.890
Modified: 2024-06-26T12:44:29.693
Link: CVE-2024-5015
JSON object: View
Redhat Information
No data.
CWE