{"api_version":"1","generated_at":"2026-05-15T00:08:52+00:00","cve":"CVE-2012-4344","urls":{"html":"https://cve.report/CVE-2012-4344","api":"https://cve.report/api/cve/CVE-2012-4344.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-4344","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-4344"},"summary":{"title":"CVE-2012-4344","description":"Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.","state":"PUBLISHED","assigner":"mitre","published_at":"2012-08-15 22:55:02","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77150","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77150","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.exploit-db.com/exploits/20035","name":"http://www.exploit-db.com/exploits/20035","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/777007","name":"http://www.kb.cert.org/vuls/id/777007","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Vulnerability Note VU#777007 - Ipswitch WhatsUp Gold 15.02 contains SQL injection and XSS vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-4344","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4344","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"4344","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"progress","cpe5":"whatsup_gold","cpe6":"15.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T20:35:08.601Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"ipswitch-whatsupgold-snmpd-xss(77150)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77150"},{"name":"20035","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"http://www.exploit-db.com/exploits/20035"},{"name":"VU#777007","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/777007"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-07-22T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"ipswitch-whatsupgold-snmpd-xss(77150)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77150"},{"name":"20035","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"http://www.exploit-db.com/exploits/20035"},{"name":"VU#777007","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/777007"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2012-4344","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ipswitch-whatsupgold-snmpd-xss(77150)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77150"},{"name":"20035","refsource":"EXPLOIT-DB","url":"http://www.exploit-db.com/exploits/20035"},{"name":"VU#777007","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/777007"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2012-4344","datePublished":"2012-08-15T22:00:00.000Z","dateReserved":"2012-08-15T00:00:00.000Z","dateUpdated":"2024-08-06T20:35:08.601Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2012-08-15 22:55:02","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:progress:whatsup_gold:15.02:*:*:*:*:*:*:*","matchCriteriaId":"26F26C84-97D6-47E4-8AEC-27BF272BA17F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"4344","Ordinal":"1","Title":"CVE-2012-4344","CVE":"CVE-2012-4344","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"4344","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host.","Type":"Description","Title":"CVE-2012-4344"},{"CveYear":"2012","CveId":"4344","Ordinal":"2","NoteData":"2012-08-15","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"4344","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}