CVE-2018-8938: Code Injection
First published: Tue May 01 2018(Updated: )
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ipswitch WhatsUp Gold | <18.0 | |
| Progress WhatsUp Gold | <18.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this code injection issue?
The vulnerability ID for this code injection issue is CVE-2018-8938.
What is the severity rating of CVE-2018-8938?
The severity rating of CVE-2018-8938 is critical (9.8).
Which version of Ipswitch WhatsUp Gold is affected by this vulnerability?
Ipswitch WhatsUp Gold version up to (but not including) 18.0 is affected by this vulnerability.
What is the impact of exploiting this code injection vulnerability?
Exploiting this code injection vulnerability can allow malicious actors to execute arbitrary commands and code on the WhatsUp Gold server.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following link: [https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm](https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm)
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/ipswitch
- canonical/ipswitch whatsup gold
- vendor/progress
- canonical/progress whatsup gold