Ipswitch Whatsup Gold
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Ipswitch Whatsup Gold.
By the Year
In 2026 there have been 0 vulnerabilities in Ipswitch Whatsup Gold. Whatsup Gold did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 5.30 |
| 2023 | 1 | 5.40 |
| 2022 | 4 | 6.45 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 4 | 9.80 |
It may take a day or so for new Whatsup Gold vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Ipswitch Whatsup Gold Security Vulnerabilities
WhatsUp Gold NmAPI.exe Remote Unauthenticated Registry Manipulation Vulnerability
CVE-2024-8785
5.3 - Medium
- December 02, 2024
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
WhatsUp Gold <2023.1 Stored XSS in Alert Center
CVE-2023-6366
5.4 - Medium
- December 14, 2023
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
XSS
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction
CVE-2022-29848
6.5 - Medium
- May 11, 2022
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.
SSRF
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction
CVE-2022-29847
7.5 - High
- May 11, 2022
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.
SSRF
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1
CVE-2022-29846
5.3 - Medium
- May 11, 2022
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction
CVE-2022-29845
6.5 - Medium
- May 11, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
Inclusion of Functionality from Untrusted Control Sphere
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0)
CVE-2018-8938
9.8 - Critical
- May 01, 2018
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.
Code Injection
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0)
CVE-2018-8939
9.8 - Critical
- May 01, 2018
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands.
SSRF
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1)
CVE-2018-5777
9.8 - Critical
- January 24, 2018
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors.
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1)
CVE-2018-5778
9.8 - Critical
- January 24, 2018
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.
SQL Injection
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1
CVE-2004-0799
- October 20, 2004
The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm".
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Ipswitch Whatsup Gold or by Ipswitch? Click the Watch button to subscribe.
