Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310106163HistoryAug 02, 2016 - 12:00 a.m.
Ipswitch WhatsUp < 16.4 Multiple Vulnerabilities
2016-08-0200:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
9
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
6.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
6.6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.0%
Ipswitch WhatsUp Gold is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:progress:whatsupgold";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106163");
script_version("2023-11-03T05:05:46+0000");
script_tag(name:"last_modification", value:"2023-11-03 05:05:46 +0000 (Fri, 03 Nov 2023)");
script_tag(name:"creation_date", value:"2016-08-02 08:27:33 +0700 (Tue, 02 Aug 2016)");
script_tag(name:"cvss_base", value:"6.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2016-12-06 03:03:00 +0000 (Tue, 06 Dec 2016)");
script_cve_id("CVE-2015-6004", "CVE-2015-6005");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Ipswitch WhatsUp < 16.4 Multiple Vulnerabilities");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_progress_whatsup_http_detect.nasl");
script_mandatory_keys("progress/whatsup_gold/detected");
script_tag(name:"summary", value:"Ipswitch WhatsUp Gold is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The following vulnerabilities exist:
- CVE-2015-6004: Multiple SQL injection vulnerabilities allow remote attackers to execute
arbitrary SQL commands via the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the
Reports component or the Find Device parameter.
- CVE-2015-6005: Multiple cross-site scripting (XSS) vulnerabilities in allow remote attackers to
inject arbitrary web script or HTML via an SNMP OID object, an SNMP trap message, the View Names
field, the Group Names field, the Flow Monitor Credentials field, the Flow Monitor Threshold Name
field, the Task Library Name field, the Task Library Description field, the Policy Library Name
field, the Policy Library Description field, the Template Library Name field, the Template
Library Description field, the System Script Library Name field, the System Script Library
Description field, or the CLI Settings Library Description field.)");
script_tag(name:"impact", value:"An authenticated attacker may execute arbitrary SQL commands or
inject arbitrary web script or HTML.");
script_tag(name:"affected", value:"IPSwitch WhatsUp Gold prior to version 16.4.");
script_tag(name:"solution", value:"Update to version 16.4 or later.");
script_xref(name:"URL", value:"https://www.kb.cert.org/vuls/id/176160");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!version = get_app_version(cpe: CPE, port: port))
exit(0);
if (version_is_less(version: version, test_version: "16.4")) {
report = report_fixed_ver(installed_version: version, fixed_version: "16.4");
security_message(port: port, data: report);
exit(0);
}
exit(99);
References
Related
cert
cert
IPswitch WhatsUp Gold contains multiple XSS vulnerabilities and a SQLi
2015-12-16 00:00:00
nessus
nessus
Ipswitch WhatsUp Gold < 16.4 Multiple Vulnerabilities
2016-02-15 00:00:00
Ipswitch WhatsUp Gold < 16.4 Multiple Vulnerabilities
2016-01-22 00:00:00
nvd
nvd
CVE-2015-6005
2015-12-27 03:59:01
CVE-2015-6004
2015-12-27 03:59:00
cve
cve
CVE-2015-6005
2015-12-27 03:59:01
CVE-2015-6004
2015-12-27 03:59:00
prion
prion
Cross site scripting
2015-12-27 03:59:00
Sql injection
2015-12-27 03:59:00
cvelist
cvelist
CVE-2015-6005
2015-12-27 02:00:00
CVE-2015-6004
2015-12-27 02:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
6.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
6.6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.0%
Related for OPENVAS:1361412562310106163