Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
Max CVSS
7.5
EPSS Score
1.14%
Published
2006-05-22
Updated
2018-10-18
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
Max CVSS
7.5
EPSS Score
96.31%
Published
2005-06-22
Updated
2008-09-05
2 vulnerabilities found