CVE-2024-8785

Medium

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an…

ProgressSoftware·CWE-648·Published 2024-12-02

CVSS

5.3

EPSS

0.10

KEV

Exploits

Vendor statements (1)

community.progress.com

cve.orgen

224 chars

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.

NVDes

249 chars

En las versiones de WhatsUp Gold lanzadas antes de 2024.0.1, un atacante remoto no autenticado podría aprovechar NmAPI.exe para crear o cambiar un valor de registro existente en la ruta de registro HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H