CVE-2018-8939
CRITICALWhatsUp Gold < 18.0 - Server-Side Request Forgery via NmAPI.exe
Title source: llmDescription
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands.
References (1)
Core 1
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm
Scores
CVSS v3
9.8
EPSS
0.0007
EPSS Percentile
21.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-918
Status
published
Products (1)
progress/whatsup_gold
< 18.0
Published
May 01, 2018
Tracked Since
Feb 18, 2026