nvd-json-data-feeds/CVE-2018/CVE-2018-57xx/CVE-2018-5778.json

{
  "id": "CVE-2018-5778",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-01-24T15:29:01.340",
  "lastModified": "2018-02-09T18:08:07.017",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Ipswitch WhatsUp Gold en versiones anteriores a la 2017 Plus SP1 (17.1.1). M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL est\u00e1n presentes en las p\u00e1ginas .ASP antiguas, que podr\u00edan permitir que los atacantes ejecuten comandos SQL arbitrarios mediante vectores sin especificar."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": true,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ipswitch:whatsup_gold:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "17.1.1",
              "matchCriteriaId": "14E4912C-E0D3-46C6-9EC0-B99D899D5A80"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4",
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ]
    }
  ]
}