Vulnerabilities > CVE-2018-8939 - Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

progress

CWE-918

critical

NVD

Published: 2018-05-01

Updated: 2024-08-27

Summary

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands.

Vulnerable Configurations

Part	Description	Count
Application	Progress Progress Whatsup Gold - Progress Whatsup Gold 7.0 Progress Whatsup Gold 7.03 Progress Whatsup Gold 7.04 Progress Whatsup Gold 8.0 Progress Whatsup Gold 8.01 Progress Whatsup Gold 8.03 Progress Whatsup Gold 11 Progress Whatsup Gold 15.02 Progress Whatsup Gold 16.3 Progress Whatsup Gold 16.4 Progress Whatsup Gold 17.1.1	13

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm