CVE-2018-8939

Name of the Vulnerable Software and Affected Versions Ipswitch WhatsUp Gold versions prior to 18.0

Description A Server-Side Request Forgery (SSRF) issue was discovered in the NmAPI.exe executable. This allows malicious actors to submit specially crafted requests to gain unauthorized access to the system, obtain information about the system, or execute remote commands. The issue is related to insufficient validation of incoming requests.

Recommendations For Ipswitch WhatsUp Gold versions prior to 18.0, update to version 18.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the NmAPI executable to minimize the risk of exploitation.