An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands.
References
Link | Resource |
---|---|
https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm | Release Notes Vendor Advisory |
https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm | Release Notes Vendor Advisory |
Configurations
History
21 Nov 2024, 04:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm - Release Notes, Vendor Advisory |
27 Aug 2024, 17:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Progress
Progress whatsup Gold |
|
CPE | cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:* |
Information
Published : 2018-05-01 16:29
Updated : 2024-11-21 04:14
NVD link : CVE-2018-8939
Mitre link : CVE-2018-8939
CVE.ORG link : CVE-2018-8939
JSON object : View
Products Affected
progress
- whatsup_gold
CWE
CWE-918
Server-Side Request Forgery (SSRF)