CVE-2012-4344

Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.exploit-db.com/exploits/20035	Exploit
http://www.kb.cert.org/vuls/id/777007	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/77150
http://www.exploit-db.com/exploits/20035	Exploit
http://www.kb.cert.org/vuls/id/777007	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/77150

Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:whatsup_gold:15.02:*:*:*:*:*:*:*

History

21 Nov 2024, 01:42

Type	Values Removed	Values Added
References	~~() http://www.exploit-db.com/exploits/20035 - Exploit~~	() http://www.exploit-db.com/exploits/20035 - Exploit
References	~~() http://www.kb.cert.org/vuls/id/777007 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/777007 - US Government Resource
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/77150 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/77150 -

27 Aug 2024, 17:48

Type	Values Removed	Values Added
First Time		Progress Progress whatsup Gold
CPE	cpe:2.3:a:ipswitch:whatsup_gold:15.02:::::::*	cpe:2.3:a:progress:whatsup_gold:15.02:::::::*

Information

Published : 2012-08-15 22:55

Updated : 2024-11-21 01:42

NVD link : CVE-2012-4344

Mitre link : CVE-2012-4344

CVE.ORG link : CVE-2012-4344

JSON object : View

Products Affected

progress

whatsup_gold

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2012-4344", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-08-15T22:55:02.447", "references": [{"url": "http://www.exploit-db.com/exploits/20035", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/777007", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77150", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/20035", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/777007", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77150", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Ipswitch WhatsUp Gold v15.02 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados relacionados con el nombre del sistema SNMP de la m\u00e1quina atacante."}], "lastModified": "2024-11-21T01:42:43.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:whatsup_gold:15.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26F26C84-97D6-47E4-8AEC-27BF272BA17F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}