First published: Tue May 01 2018(Updated: )
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ipswitch WhatsUp Gold | <18.0 | |
Progress WhatsUp Gold | <18.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-8939 is an SSRF (Server-Side Request Forgery) vulnerability discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0).
CVE-2018-8939 allows malicious actors to submit specially crafted requests via the NmAPI executable to gain unauthorized access, obtain information about, or execute remote commands on the WhatsUp Gold system.
CVE-2018-8939 has a severity rating of 9.8 (Critical).
To fix CVE-2018-8939, it is recommended to upgrade Ipswitch WhatsUp Gold to version 2018 (18.0) or later.
You can find more information about CVE-2018-8939 in the release notes of Ipswitch WhatsUp Gold version 2018 (18.0).