Sign-up

ID

VAR-201801-1349


CVE

CVE-2018-5778


TITLE

Ipswitch WhatsUp Gold In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001598

DESCRIPTION

An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors. Ipswitch WhatsUp Gold Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications

Trust: 1.71

sources: NVD: CVE-2018-5778 // JVNDB: JVNDB-2018-001598 // VULHUB: VHN-135810

AFFECTED PRODUCTS

vendor:progressmodel:whatsup goldscope:ltversion:17.1.1

Trust: 1.0

vendor:ipswitchmodel:whatsup goldscope:ltversion:2017 plus sp1 (17.1.1)

Trust: 0.8

vendor:ipswitchmodel:whatsup goldscope:eqversion:7.0

Trust: 0.6

vendor:ipswitchmodel:whatsup goldscope:eqversion:8.03

Trust: 0.6

vendor:ipswitchmodel:whatsup goldscope:eqversion:15.02

Trust: 0.6

vendor:ipswitchmodel:whatsup goldscope:eqversion:8.01

Trust: 0.6

vendor:ipswitchmodel:whatsup goldscope:eqversion:16.3

Trust: 0.6

vendor:ipswitchmodel:whatsup goldscope:eqversion:7.03

Trust: 0.6

vendor:ipswitchmodel:whatsup goldscope:eqversion:7.04

Trust: 0.6

vendor:ipswitchmodel:whatsup goldscope:eqversion:8.0

Trust: 0.6

vendor:ipswitchmodel:whatsup goldscope:eqversion:11

Trust: 0.6

sources: JVNDB: JVNDB-2018-001598 // CNNVD: CNNVD-201801-914 // NVD: CVE-2018-5778

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5778
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5778
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201801-914
value: HIGH

Trust: 0.6

VULHUB: VHN-135810
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5778
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-135810
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5778
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135810 // JVNDB: JVNDB-2018-001598 // CNNVD: CNNVD-201801-914 // NVD: CVE-2018-5778

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-135810 // JVNDB: JVNDB-2018-001598 // NVD: CVE-2018-5778

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-914

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201801-914

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001598

PATCH
title:Release Notes for Ipswitch WhatsUp Goldurl:https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4
Trust: 0.8
title:Ipswitch WhatsUp Gold SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78051
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001598 // 
            
            
            
            CNNVD: CNNVD-201801-914

EXTERNAL IDS
db:NVDid:CVE-2018-5778
Trust: 2.5
db:JVNDBid:JVNDB-2018-001598
Trust: 0.8
db:CNNVDid:CNNVD-201801-914
Trust: 0.7
db:VULHUBid:VHN-135810
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135810 // 
            
            
            
            JVNDB: JVNDB-2018-001598 // 
            
            
            
            CNNVD: CNNVD-201801-914 // 
            
            
            
            NVD: CVE-2018-5778

REFERENCES
url:https://docs.ipswitch.com/nm/whatsupgold2017plus/01_releasenotes/17plussp1/#link4
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5778
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5778
Trust: 0.8
sources:
            
            
            VULHUB: VHN-135810 // 
            
            
            
            JVNDB: JVNDB-2018-001598 // 
            
            
            
            CNNVD: CNNVD-201801-914 // 
            
            
            
            NVD: CVE-2018-5778

SOURCES
db:VULHUBid:VHN-135810
db:JVNDBid:JVNDB-2018-001598
db:CNNVDid:CNNVD-201801-914
db:NVDid:CVE-2018-5778

LAST UPDATE DATE
2024-11-23T22:52:13.567000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-135810date:2018-02-09T00:00:00
db:JVNDBid:JVNDB-2018-001598date:2018-02-26T00:00:00
db:CNNVDid:CNNVD-201801-914date:2018-01-25T00:00:00
db:NVDid:CVE-2018-5778date:2024-11-21T04:09:22.540

SOURCES RELEASE DATE
db:VULHUBid:VHN-135810date:2018-01-24T00:00:00
db:JVNDBid:JVNDB-2018-001598date:2018-02-26T00:00:00
db:CNNVDid:CNNVD-201801-914date:2018-01-25T00:00:00
db:NVDid:CVE-2018-5778date:2018-01-24T15:29:01.340