PT-2015-7108 · Ipswitch · Ipswitch Whatsup Gold

Deral Heiland · Published 2015-12-27 · Updated 2024-08-27 · CVE-2015-6005

CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Ipswitch WhatsUp Gold versions prior to 16.4

Description
The issue allows remote attackers to inject arbitrary web script or HTML via multiple fields, including (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.

Recommendations
For Ipswitch WhatsUp Gold versions prior to 16.4, update to version 16.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the mentioned fields to minimize the risk of exploitation. Avoid using the mentioned fields in the affected versions until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2015-6005

Affected Products: Ipswitch Whatsup Gold