CVE-2022-29848
https://notcve.org/view.php?id=CVE-2022-29848
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. En Progress Ipswitch WhatsUp Gold versiones 17.0.0 hasta 21.1.1, y 22.0.0, es posible que un usuario autenticado invoque una transacción de la API que le permita leer atributos confidenciales del sistema operativo desde un host que sea accesible por el sistema WhatsUp Gold • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 https://www.progress.com/network-monitoring • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-29847
https://notcve.org/view.php?id=CVE-2022-29847
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. En Progress Ipswitch WhatsUp Gold versiones 21.0.0 hasta 21.1.1, y 22.0.0, es posible que un atacante no autenticado invoque una transacción de API que le permita transmitir credenciales de usuario de WhatsUp Gold cifradas a un host arbitrario • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 https://www.progress.com/network-monitoring • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-29846
https://notcve.org/view.php?id=CVE-2022-29846
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. En Ipswitch Progress WhatsUp Gold versiones 16.1 hasta 21.1.1, y 22.0.0, es posible que un atacante no autenticado obtenga el número de serie de la instalación de WhatsUp Gold • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 https://www.progress.com/network-monitoring •
CVE-2022-29845
https://notcve.org/view.php?id=CVE-2022-29845
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. En Progress Ipswitch WhatsUp Gold versiones 21.1.0 hasta 21.1.1, y 22.0.0, es posible que un usuario autenticado invoque una transacción API que le permita leer el contenido de un archivo local • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 https://www.progress.com/network-monitoring • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2018-8939
https://notcve.org/view.php?id=CVE-2018-8939
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands. Se ha descubierto una vulnerabilidad SSRF en NmAPI.exe en Ipswitch WhatsUp Gold en versiones anteriores al 2018 (18.0). Los actores maliciosos pueden enviar peticiones especialmente manipuladas mediante el ejecutable NmAPI para (1) obtener acceso no autorizado al sistema de WhatsUp Gold, (2) obtener información sobre el sistema de WhatsUp Gold o (3) ejecutar comandos remotos. • https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm • CWE-918: Server-Side Request Forgery (SSRF) •