Vulnerability CVE-2018-8939


Published: 2018-05-01

Description:
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands.

Type:

CWE-918

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Ipswitch -> Whatsup gold 

 References:
https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm

Copyright 2024, cxsecurity.com

 

Back to Top