cvelistv5 - cve-2015-6005

CVE-2015-6005 (GCVE-0-2015-6005)

Vulnerability from cvelistv5 – Published: 2015-12-27 02:00 – Updated: 2024-08-06 07:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	https://www.kb.cert.org/vuls/id/176160	third-party-advisoryx_refsource_CERT-VN
	http://twitter.com/ipswitch/statuses/677558623229317121	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034833	vdb-entryx_refsource_SECTRACK
	https://community.rapid7.com/community/infosec/bl…	x_refsource_MISC
	http://www.securityfocus.com/bid/79506	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:06:35.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#176160",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/176160"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://twitter.com/ipswitch/statuses/677558623229317121"
          },
          {
            "name": "1034833",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034833"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
          },
          {
            "name": "79506",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-02T20:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#176160",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/176160"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://twitter.com/ipswitch/statuses/677558623229317121"
        },
        {
          "name": "1034833",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034833"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
        },
        {
          "name": "79506",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79506"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-6005",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#176160",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/176160"
            },
            {
              "name": "http://twitter.com/ipswitch/statuses/677558623229317121",
              "refsource": "CONFIRM",
              "url": "http://twitter.com/ipswitch/statuses/677558623229317121"
            },
            {
              "name": "1034833",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034833"
            },
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
            },
            {
              "name": "79506",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79506"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-6005",
    "datePublished": "2015-12-27T02:00:00",
    "dateReserved": "2015-08-14T00:00:00",
    "dateUpdated": "2024-08-06T07:06:35.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"16.3\", \"matchCriteriaId\": \"0956392B-9072-4C26-BB8A-9DFD92594C57\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de XSS en IPSwitch WhatsUp Gold en versiones anteriores a la 16.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a trav\\u00e9s (1) de un objeto SNMP OID, (2) de un mensaje trap SNMP, (3) del campo View Names, (4) del campo Group Names, (5) del campo Flow Monitor Credentials, (6) del campo Flow Monitor Threshold Name, (7) del campo Task Library Name, (8) del campo Task Library Description, (9) del campo Policy Library Name, (10) del campo Policy Library Description, (11) del campo Template Library Name, (12) del campo Template Library Description, (13) del campo System Script Library Name, (14) del campo System Script Library Description o (15) del campo CLI Settings Library Description.\"}]",
      "id": "CVE-2015-6005",
      "lastModified": "2024-11-21T02:34:16.830",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 4.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-12-27T03:59:01.097",
      "references": "[{\"url\": \"http://twitter.com/ipswitch/statuses/677558623229317121\", \"source\": \"cret@cert.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/79506\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.securitytracker.com/id/1034833\", \"source\": \"cret@cert.org\"}, {\"url\": \"https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/176160\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://twitter.com/ipswitch/statuses/677558623229317121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/79506\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1034833\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/176160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6005\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2015-12-27T03:59:01.097\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de XSS en IPSwitch WhatsUp Gold en versiones anteriores a la 16.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a trav\u00e9s (1) de un objeto SNMP OID, (2) de un mensaje trap SNMP, (3) del campo View Names, (4) del campo Group Names, (5) del campo Flow Monitor Credentials, (6) del campo Flow Monitor Threshold Name, (7) del campo Task Library Name, (8) del campo Task Library Description, (9) del campo Policy Library Name, (10) del campo Policy Library Description, (11) del campo Template Library Name, (12) del campo Template Library Description, (13) del campo System Script Library Name, (14) del campo System Script Library Description o (15) del campo CLI Settings Library Description.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":4.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"16.3\",\"matchCriteriaId\":\"0956392B-9072-4C26-BB8A-9DFD92594C57\"}]}]}],\"references\":[{\"url\":\"http://twitter.com/ipswitch/statuses/677558623229317121\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/79506\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securitytracker.com/id/1034833\",\"source\":\"cret@cert.org\"},{\"url\":\"https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/176160\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://twitter.com/ipswitch/statuses/677558623229317121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/79506\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034833\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/176160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CNVD-2015-08433

Vulnerability from cnvd - Published: 2015-12-23

Title

Ipswitch WhatsUp Gold SQL注入漏洞

Description

Ipswitch WhatsUp Gold是一套统一的基础设施和应用监控软件。 IPswitch WhatsUp Gold存在SQL注入漏洞。由于未能正确过滤‘UniqueID’参数，允许远程攻击者利用漏洞提交特制的SQL查询，操作或获取数据库数据。

Severity

高

Patch Name

Ipswitch WhatsUp Gold SQL注入漏洞的补丁

Patch Description

Ipswitch WhatsUp Gold是一套统一的基础设施和应用监控软件。 IPswitch WhatsUp Gold存在SQL注入漏洞。由于未能正确过滤‘UniqueID’参数，允许远程攻击者利用漏洞提交特制的SQL查询，操作或获取数据库数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.whatsupgold.com/

Reference

http://www.securityfocus.com/bid/79506

Impacted products

Name
['Ipswitch WhatsUp Gold 15.0.2', 'Ipswitch WhatsUp Gold 15.0', 'Ipswitch WhatsUp Gold 14.2', 'Ipswitch WhatsUp Gold 14.3', 'Ipswitch WhatsUp Gold 14.4', 'Ipswitch WhatsUp Gold 14.4.1', 'Ipswitch WhatsUp Gold 15.0.1']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "79506"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6005"
    }
  },
  "description": "Ipswitch WhatsUp Gold\u662f\u4e00\u5957\u7edf\u4e00\u7684\u57fa\u7840\u8bbe\u65bd\u548c\u5e94\u7528\u76d1\u63a7\u8f6f\u4ef6\u3002\r\n\r\nIPswitch WhatsUp Gold\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u7531\u4e8e\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u2018UniqueID\u2019\u53c2\u6570\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684SQL\u67e5\u8be2\uff0c\u64cd\u4f5c\u6216\u83b7\u53d6\u6570\u636e\u5e93\u6570\u636e\u3002",
  "discovererName": "Noam Rathaus, Owen Shearing of 7Safe Ltd., and Rapid7",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.whatsupgold.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-08433",
  "openTime": "2015-12-23",
  "patchDescription": "Ipswitch WhatsUp Gold\u662f\u4e00\u5957\u7edf\u4e00\u7684\u57fa\u7840\u8bbe\u65bd\u548c\u5e94\u7528\u76d1\u63a7\u8f6f\u4ef6\u3002\r\n\r\nIPswitch WhatsUp Gold\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u7531\u4e8e\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u2018UniqueID\u2019\u53c2\u6570\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684SQL\u67e5\u8be2\uff0c\u64cd\u4f5c\u6216\u83b7\u53d6\u6570\u636e\u5e93\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ipswitch WhatsUp Gold SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Ipswitch WhatsUp Gold 15.0.2",
      "Ipswitch WhatsUp Gold 15.0",
      "Ipswitch WhatsUp Gold 14.2",
      "Ipswitch WhatsUp Gold 14.3",
      "Ipswitch WhatsUp Gold 14.4",
      "Ipswitch WhatsUp Gold 14.4.1",
      "Ipswitch WhatsUp Gold 15.0.1"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/79506",
  "serverity": "\u9ad8",
  "submitTime": "2015-12-20",
  "title": "Ipswitch WhatsUp Gold SQL\u6ce8\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2015-6005

Vulnerability from fkie_nvd - Published: 2015-12-27 03:59 - Updated: 2025-04-12 10:46

Severity ?

6.9 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Summary

References

URL	Tags
cret@cert.org	http://twitter.com/ipswitch/statuses/677558623229317121	Vendor Advisory
cret@cert.org	http://www.securityfocus.com/bid/79506
cret@cert.org	http://www.securitytracker.com/id/1034833
cret@cert.org	https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems	Exploit
cret@cert.org	https://www.kb.cert.org/vuls/id/176160	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://twitter.com/ipswitch/statuses/677558623229317121	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/79506
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034833
af854a3a-2127-422b-91ae-364da2661108	https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/176160	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	progress	whatsup_gold	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0956392B-9072-4C26-BB8A-9DFD92594C57",
              "versionEndIncluding": "16.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en IPSwitch WhatsUp Gold en versiones anteriores a la 16.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a trav\u00e9s (1) de un objeto SNMP OID, (2) de un mensaje trap SNMP, (3) del campo View Names, (4) del campo Group Names, (5) del campo Flow Monitor Credentials, (6) del campo Flow Monitor Threshold Name, (7) del campo Task Library Name, (8) del campo Task Library Description, (9) del campo Policy Library Name, (10) del campo Policy Library Description, (11) del campo Template Library Name, (12) del campo Template Library Description, (13) del campo System Script Library Name, (14) del campo System Script Library Description o (15) del campo CLI Settings Library Description."
    }
  ],
  "id": "CVE-2015-6005",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 4.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2015-12-27T03:59:01.097",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://twitter.com/ipswitch/statuses/677558623229317121"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/79506"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securitytracker.com/id/1034833"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/176160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://twitter.com/ipswitch/statuses/677558623229317121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/79506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/176160"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201512-0081

Vulnerability from variot - Updated: 2023-12-18 12:30

Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. IPSwitch WhatsUp Gold Contains a cross-site scripting vulnerability.By any third party, via Web Script or HTML May be inserted. Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0081",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "whatsup gold",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ipswitch",
        "version": "16.3"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ipswitch",
        "version": "16.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ipswitch",
        "version": null
      },
      {
        "model": "whatsup gold",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ipswitch",
        "version": "16.4"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "14.4.2"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "14.2"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "15.0.2"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "15.02"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "15.0.1"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "14.4.1"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "14.4"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "15.0"
      },
      {
        "model": "whatsup gold",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "16.4.1"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "15.0.3"
      },
      {
        "model": "whatsup gold",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "14.3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#176160"
      },
      {
        "db": "BID",
        "id": "79506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006530"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:whatsup_gold:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "16.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6005"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Noam Rathaus, Owen Shearing of 7Safe Ltd., and Rapid7",
    "sources": [
      {
        "db": "BID",
        "id": "79506"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-6005",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-6005",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-83966",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.7,
            "impactScore": 4.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-6005",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6005",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-525",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-83966",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83966"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006530"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. IPSwitch WhatsUp Gold Contains a cross-site scripting vulnerability.By any third party, via Web Script or HTML May be inserted. \nExploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6005"
      },
      {
        "db": "CERT/CC",
        "id": "VU#176160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006530"
      },
      {
        "db": "BID",
        "id": "79506"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83966"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#176160",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6005",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "79506",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1034833",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU94212028",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006530",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-525",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-83966",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#176160"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83966"
      },
      {
        "db": "BID",
        "id": "79506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006530"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ]
  },
  "id": "VAR-201512-0081",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83966"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:30:10.265000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WhatsUp Gold",
        "trust": 0.8,
        "url": "http://www.whatsupgold.com/jp/"
      },
      {
        "title": "Twitter",
        "trust": 0.8,
        "url": "http://twitter.com/ipswitch/statuses/677558623229317121"
      },
      {
        "title": "Ipswitch WhatsUp GoldV16.4",
        "trust": 0.8,
        "url": "http://www.whatsupgold.com/jp/products/whatsup-gold.aspx"
      },
      {
        "title": "Ipswitch WhatsUp Gold Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59301"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006530"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83966"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006530"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6005"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://www.kb.cert.org/vuls/id/176160"
      },
      {
        "trust": 2.5,
        "url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/79506"
      },
      {
        "trust": 1.7,
        "url": "http://twitter.com/ipswitch/statuses/677558623229317121"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034833"
      },
      {
        "trust": 0.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 0.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 0.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6005"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94212028/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6005"
      },
      {
        "trust": 0.3,
        "url": "http://www.whatsupgold.com/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#176160"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83966"
      },
      {
        "db": "BID",
        "id": "79506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006530"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#176160"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83966"
      },
      {
        "db": "BID",
        "id": "79506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006530"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6005"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#176160"
      },
      {
        "date": "2015-12-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83966"
      },
      {
        "date": "2015-12-16T00:00:00",
        "db": "BID",
        "id": "79506"
      },
      {
        "date": "2016-01-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006530"
      },
      {
        "date": "2015-12-27T03:59:01.097000",
        "db": "NVD",
        "id": "CVE-2015-6005"
      },
      {
        "date": "2015-12-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#176160"
      },
      {
        "date": "2016-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83966"
      },
      {
        "date": "2015-12-16T00:00:00",
        "db": "BID",
        "id": "79506"
      },
      {
        "date": "2016-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006530"
      },
      {
        "date": "2016-12-06T03:03:06.243000",
        "db": "NVD",
        "id": "CVE-2015-6005"
      },
      {
        "date": "2015-12-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IPswitch WhatsUp Gold contains multiple XSS vulnerabilities and a SQLi",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#176160"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-525"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-6005

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-6005

Aliases

CVE-2015-6005

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6005",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.",
    "id": "GSD-2015-6005"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6005"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.",
      "id": "GSD-2015-6005",
      "modified": "2023-12-13T01:20:04.256889Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-6005",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#176160",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/176160"
          },
          {
            "name": "http://twitter.com/ipswitch/statuses/677558623229317121",
            "refsource": "CONFIRM",
            "url": "http://twitter.com/ipswitch/statuses/677558623229317121"
          },
          {
            "name": "1034833",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034833"
          },
          {
            "name": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems",
            "refsource": "MISC",
            "url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
          },
          {
            "name": "79506",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/79506"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:whatsup_gold:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "16.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-6005"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://twitter.com/ipswitch/statuses/677558623229317121",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://twitter.com/ipswitch/statuses/677558623229317121"
            },
            {
              "name": "VU#176160",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/176160"
            },
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
            },
            {
              "name": "79506",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/79506"
            },
            {
              "name": "1034833",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034833"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.7,
          "impactScore": 4.7
        }
      },
      "lastModifiedDate": "2016-12-06T03:03Z",
      "publishedDate": "2015-12-27T03:59Z"
    }
  }
}

GHSA-RPRF-X38F-C4GM

Vulnerability from github – Published: 2022-05-17 03:29 – Updated: 2022-05-17 03:29

Details

Severity ?

6.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-12-27T03:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field.",
  "id": "GHSA-rprf-x38f-c4gm",
  "modified": "2022-05-17T03:29:54Z",
  "published": "2022-05-17T03:29:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6005"
    },
    {
      "type": "WEB",
      "url": "https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/176160"
    },
    {
      "type": "WEB",
      "url": "http://twitter.com/ipswitch/statuses/677558623229317121"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/79506"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034833"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-6005 (GCVE-0-2015-6005)

CNVD-2015-08433

FKIE_CVE-2015-6005

VAR-201512-0081

GSD-2015-6005

GHSA-RPRF-X38F-C4GM

Tags

Sightings

Nomenclature