CVE-2018-8938

Name of the Vulnerable Software and Affected Versions Ipswitch WhatsUp Gold versions prior to 18.0

Description A Code Injection issue was discovered in DlgSelectMibFile.asp, related to errors in code generation management. This issue allows malicious actors to inject a specially crafted SNMP MIB file, potentially enabling them to execute arbitrary commands and code on the WhatsUp Gold server.

Recommendations For versions prior to 18.0, update to version 18.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the DlgSelectMibFile.asp component to minimize the risk of exploitation. Avoid using specially crafted SNMP MIB files until the issue is resolved.