PT-2018-17141 · Ipswitch · Ipswitch Whatsup Gold
Anton Vaychikauskas
·
Published
2018-01-24
·
Updated
2024-08-27
·
CVE-2018-5778
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Ipswitch WhatsUp Gold versions prior to 2017 Plus SP1 (17.1.1)
Description:
An issue was discovered in the legacy .ASP pages of Ipswitch WhatsUp Gold, where multiple SQL injection vulnerabilities are present. These vulnerabilities could allow attackers to execute arbitrary SQL commands via unspecified vectors.
Recommendations:
For Ipswitch WhatsUp Gold versions prior to 2017 Plus SP1 (17.1.1), update to version 2017 Plus SP1 (17.1.1) or later to resolve the issue. As a temporary workaround, consider restricting access to the legacy .ASP pages to minimize the risk of exploitation.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ipswitch Whatsup Gold