CVE-2018-8939

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands.

Published: May 1, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-8939
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
progress / whatsup_gold	-	18.0

https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm

Vulnerability Database

290,278

CVE-2018-8939