ID

VAR-201610-0497


CVE

CVE-2016-1000000


TITLE

Blind SQL injection vulnerability in the sUniqueID parameter of WrFreeFormText.asp in Ipswitch WhatsUp Gold

Trust: 0.8

sources: JVNDB: JVNDB-2016-005129

DESCRIPTION

Ipswitch WhatsUp Gold 16.4.1 contains a blind SQL injection vulnerability in the sUniqueID parameter of WrFreeFormText.asp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Ipswitch WhatsUp Gold 16.4.1 is vulnerable; other versions may also be vulnerable. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands.

Trust: 1.98

sources: NVD: CVE-2016-1000000 // JVNDB: JVNDB-2016-005129 // BID: 94496 // VULHUB: VHN-88512

AFFECTED PRODUCTS

vendor: ipswitch, model: whatsup gold, scope: eq, version: 16.4.1

Trust: 1.1

vendor: progress, model: whatsup gold, scope: lte, version: 16.4

Trust: 1.0

vendor: ipswitch, model: whatsup gold, scope: eq, version: 16.4

Trust: 0.6

vendor: ipswitch, model: whatsup gold, scope: ne, version: 16.5

Trust: 0.3

sources: BID: 94496 // JVNDB: JVNDB-2016-005129 // CNNVD: CNNVD-201610-148 // NVD: CVE-2016-1000000

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1000000
value: HIGH

Trust: 1.0

NVD: CVE-2016-1000000
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201610-148
value: MEDIUM

Trust: 0.6

VULHUB: VHN-88512
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1000000
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-88512
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1000000
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-88512 // JVNDB: JVNDB-2016-005129 // CNNVD: CNNVD-201610-148 // NVD: CVE-2016-1000000

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-88512 // JVNDB: JVNDB-2016-005129 // NVD: CVE-2016-1000000

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-148

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201610-148

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005129

PATCH

title: WhatsUp Gold, url: http://www.whatsupgold.com/jp/

Trust: 0.8

title: [R1] Ipswitch WhatsUp Gold WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection, url: http://www.tenable.com/security/research/tra-2016-15

Trust: 0.8

title: Ipswitch WhatsUp Gold SQL Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64554

Trust: 0.6

sources: JVNDB: JVNDB-2016-005129 // CNNVD: CNNVD-201610-148

EXTERNAL IDS

db: NVD, id: CVE-2016-1000000

Trust: 2.8

db: TENABLE, id: TRA-2016-15

Trust: 2.0

db: BID, id: 94496

Trust: 1.4

db: JVNDB, id: JVNDB-2016-005129

Trust: 0.8

db: CNNVD, id: CNNVD-201610-148

Trust: 0.7

db: VULHUB, id: VHN-88512

Trust: 0.1

sources: VULHUB: VHN-88512 // BID: 94496 // JVNDB: JVNDB-2016-005129 // CNNVD: CNNVD-201610-148 // NVD: CVE-2016-1000000

REFERENCES

url: https://www.tenable.com/security/research/tra-2016-15

Trust: 2.0

url: http://www.securityfocus.com/bid/94496

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1000000

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1000000

Trust: 0.8

url: https://www.ipswitch.com/

Trust: 0.3

sources: VULHUB: VHN-88512 // BID: 94496 // JVNDB: JVNDB-2016-005129 // CNNVD: CNNVD-201610-148 // NVD: CVE-2016-1000000

CREDITS

Jacob Baines, Tenable Network Security.

Trust: 0.3

sources: BID: 94496

SOURCES

db: VULHUB, id: VHN-88512
db: BID, id: 94496
db: JVNDB, id: JVNDB-2016-005129
db: CNNVD, id: CNNVD-201610-148
db: NVD, id: CVE-2016-1000000

LAST UPDATE DATE

2024-11-23T22:13:13.195000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-88512, date: 2017-11-03T00:00:00
db: BID, id: 94496, date: 2016-11-24T00:17:00
db: JVNDB, id: JVNDB-2016-005129, date: 2016-10-12T00:00:00
db: CNNVD, id: CNNVD-201610-148, date: 2016-10-12T00:00:00
db: NVD, id: CVE-2016-1000000, date: 2024-11-21T02:42:49.310

SOURCES RELEASE DATE

db: VULHUB, id: VHN-88512, date: 2016-10-06T00:00:00
db: BID, id: 94496, date: 2016-10-06T00:00:00
db: JVNDB, id: JVNDB-2016-005129, date: 2016-10-12T00:00:00
db: CNNVD, id: CNNVD-201610-148, date: 2016-10-12T00:00:00
db: NVD, id: CVE-2016-1000000, date: 2016-10-06T14:59:15.583