PT-2006-3317 · Ipswitch · Ipswitch Whatsup Professional 2006+1

David Maciejak

·

Published

2006-05-15

·

Updated

2017-07-20

·

CVE-2006-2353

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Ipswitch WhatsUp Professional 2006 Ipswitch WhatsUp Professional 2006 Premium
Description The issue allows remote attackers to redirect users to other websites. This is achieved through the sCancelURL and possibly the sRedirectUrl parameters in the NmConsole/DeviceSelection.asp file.
Recommendations For Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium, avoid using the sCancelURL and sRedirectUrl parameters in the NmConsole/DeviceSelection.asp file until the issue is resolved. As a temporary workaround, consider restricting access to the NmConsole/DeviceSelection.asp file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2006-2353

Affected Products

Ipswitch Whatsup Professional 2006
Ipswitch Whatsup Professional 2006 Premium