CVSS: 6.5EPSS: 56%CPEs: 2EXPL: 0CVE-2022-29848
https://notcve.org/view.php?id=CVE-2022-29848
11 May 2022 — In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. En Progress Ipswitch WhatsUp Gold versiones 17.0.0 hasta 21.1.1, y 22.0.0, es posible que un usuario autenticado invoque una transacción de la API que le permita leer atributos confidenciales del sistema operativo desde un host que sea accesible ... • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 88%CPEs: 2EXPL: 0CVE-2022-29847
https://notcve.org/view.php?id=CVE-2022-29847
11 May 2022 — In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. En Progress Ipswitch WhatsUp Gold versiones 21.0.0 hasta 21.1.1, y 22.0.0, es posible que un atacante no autenticado invoque una transacción de API que le permita transmitir credenciales de usuario de WhatsUp Gold cifradas a un host arbitrario • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 37%CPEs: 2EXPL: 0CVE-2022-29846
https://notcve.org/view.php?id=CVE-2022-29846
11 May 2022 — In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. En Ipswitch Progress WhatsUp Gold versiones 16.1 hasta 21.1.1, y 22.0.0, es posible que un atacante no autenticado obtenga el número de serie de la instalación de WhatsUp Gold • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 •
CVSS: 6.5EPSS: 42%CPEs: 3EXPL: 0CVE-2022-29845
https://notcve.org/view.php?id=CVE-2022-29845
11 May 2022 — In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. En Progress Ipswitch WhatsUp Gold versiones 21.1.0 hasta 21.1.1, y 22.0.0, es posible que un usuario autenticado invoque una transacción API que le permita leer el contenido de un archivo local • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8938
https://notcve.org/view.php?id=CVE-2018-8938
01 May 2018 — A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server. Se ha descubierto una vulnerabilidad de inyección de código en DlgSelectMibFile.asp en Ipswitch WhatsUp Gold en versiones anteriores al 2018 (18.0). Los actores maliciosos pueden inyectar un archivo MIB SNMP especialmente manipulado que podría permitirle... • https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8939
https://notcve.org/view.php?id=CVE-2018-8939
01 May 2018 — An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands. Se ha descubierto una vulnerabilidad SSRF en NmAPI.exe en Ipswitch WhatsUp Gold en versiones anteriores al 2018 (18.0). Los actores maliciosos pueden enviar peticiones especialmente manipuladas media... • https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5777
https://notcve.org/view.php?id=CVE-2018-5777
24 Jan 2018 — An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors. Se ha descubierto un problema en Ipswitch WhatsUp Gold en versiones anteriores a la 2017 Plus SP1 (17.1.1). Los clientes remotos pueden aprovecharse de un error de configuración en el servidor TFTP que podría permitir que los atacantes ejecuten comandos ar... • https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5778
https://notcve.org/view.php?id=CVE-2018-5778
24 Jan 2018 — An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors. Se ha descubierto un problema en Ipswitch WhatsUp Gold en versiones anteriores a la 2017 Plus SP1 (17.1.1). Múltiples vulnerabilidades de inyección SQL están presentes en las páginas .ASP antiguas, que podrían permitir que los atacantes ejecuten comandos SQL arbitrari... • https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1000000
https://notcve.org/view.php?id=CVE-2016-1000000
06 Oct 2016 — Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection Inyección SQL en Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind • http://www.securityfocus.com/bid/94496 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 16%CPEs: 1EXPL: 2CVE-2015-8261 – WhatsUp Gold 16.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-8261
08 Jan 2016 — The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. La implementación de DroneDeleteOldMeasurements en Ipswitch WhatsUp Gold en versiones anteriores a 16.4 no valida correctamente objetos XML serializados, lo que permite a atacantes remotos llevar a cabo ataques de inyección SQL a través de una petición SOAP manipulada. WhatsUp Gold vers... • https://packetstorm.news/files/id/135277 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •