Vulnerabilities > CVE-2018-8939 - Server-Side Request Forgery (SSRF) vulnerability in Ipswitch Whatsup Gold

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ipswitch

CWE-918

NVD

Published: 2018-05-01

Updated: 2018-06-13

Summary

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands.

Vulnerable Configurations

Part	Description	Count
Application	Ipswitch Ipswitch Whatsup Gold 7.0 Ipswitch Whatsup Gold 7.03 Ipswitch Whatsup Gold 7.04 Ipswitch Whatsup Gold 8.0 Ipswitch Whatsup Gold 8.01 Ipswitch Whatsup Gold 8.03 Ipswitch Whatsup Gold 11 Ipswitch Whatsup Gold 15.02 Ipswitch Whatsup Gold 16.3 Ipswitch Whatsup Gold 16.4	11

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm