Details of VAR-201805-0959

ID

VAR-201805-0959

CVE

CVE-2018-8939

TITLE

Ipswitch WhatsUp Gold Server-side request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004960

DESCRIPTION

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands. Ipswitch WhatsUp Gold Contains a server-side request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications

Trust: 1.71

sources: NVD: CVE-2018-8939 // JVNDB: JVNDB-2018-004960 // VULHUB: VHN-138971

AFFECTED PRODUCTS

vendor:	progress	model:	whatsup gold	scope:	lt	version:	18.0	Trust: 1.0
vendor:	ipswitch	model:	whatsup gold	scope:	lt	version:	2018 (18.0)	Trust: 0.8
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	7.0	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	8.03	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	15.02	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	8.01	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	16.3	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	7.03	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	7.04	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	8.0	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	11	Trust: 0.6

sources: JVNDB: JVNDB-2018-004960 // CNNVD: CNNVD-201805-018 // NVD: CVE-2018-8939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8939
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-8939
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201805-018
value:	HIGH
Trust: 0.6
VULHUB:	VHN-138971
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-8939
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-138971
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-8939
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-138971 // JVNDB: JVNDB-2018-004960 // CNNVD: CNNVD-201805-018 // NVD: CVE-2018-8939

PROBLEMTYPE DATA

problemtype:

CWE-918

Trust: 1.9

sources: VULHUB: VHN-138971 // JVNDB: JVNDB-2018-004960 // NVD: CVE-2018-8939

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-018

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-018

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004960

PATCH

title:	Release Notes for Ipswitch WhatsUp Gold 2018	url:	https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm	Trust: 0.8
title:	Ipswitch WhatsUp Gold Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79765	Trust: 0.6

sources: JVNDB: JVNDB-2018-004960 // CNNVD: CNNVD-201805-018

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8939	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-004960	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-018	Trust: 0.6
db:	VULHUB	id:	VHN-138971	Trust: 0.1

sources: VULHUB: VHN-138971 // JVNDB: JVNDB-2018-004960 // CNNVD: CNNVD-201805-018 // NVD: CVE-2018-8939

REFERENCES

url:	https://docs.ipswitch.com/nm/whatsupgold2018/01_releasenotes/index.htm	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8939	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8939	Trust: 0.8

sources: VULHUB: VHN-138971 // JVNDB: JVNDB-2018-004960 // CNNVD: CNNVD-201805-018 // NVD: CVE-2018-8939

SOURCES

db:	VULHUB	id:	VHN-138971
db:	JVNDB	id:	JVNDB-2018-004960
db:	CNNVD	id:	CNNVD-201805-018
db:	NVD	id:	CVE-2018-8939

LAST UPDATE DATE

2024-11-23T22:55:52.943000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-138971	date:	2018-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-004960	date:	2018-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201805-018	date:	2018-05-02T00:00:00
db:	NVD	id:	CVE-2018-8939	date:	2024-11-21T04:14:38.980

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-138971	date:	2018-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-004960	date:	2018-07-02T00:00:00
db:	CNNVD	id:	CNNVD-201805-018	date:	2018-05-02T00:00:00
db:	NVD	id:	CVE-2018-8939	date:	2018-05-01T16:29:00.507