CVE-2006-2353

Name of the Vulnerable Software and Affected Versions Ipswitch WhatsUp Professional 2006 Ipswitch WhatsUp Professional 2006 Premium

Description The issue allows remote attackers to redirect users to other websites. This is achieved through the sCancelURL and possibly the sRedirectUrl parameters in the NmConsole/DeviceSelection.asp file.

Recommendations For Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium, avoid using the sCancelURL and sRedirectUrl parameters in the NmConsole/DeviceSelection.asp file until the issue is resolved. As a temporary workaround, consider restricting access to the NmConsole/DeviceSelection.asp file to minimize the risk of exploitation.