Ipswitch · Ipswitch Whatsup Gold · CVE-2015-8261
**Name of the Vulnerable Software and Affected Versions**
Ipswitch WhatsUp Gold versions prior to 16.4
**Description**
The issue is related to the DroneDeleteOldMeasurements implementation, which does not properly validate serialized XML objects. This allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
**Recommendations**
For versions prior to 16.4, update to version 16.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the SOAP endpoint to minimize the risk of exploitation.