[原文]NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.
Ipswitch WhatsUp Professional RenderMap.asp Information Disclosure
Remote / Network Access
Loss of Confidentiality
WhatsUp Professional contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the 'NmConsole/utility/RenderMap.asp' script does not properly authenticate requests made via the 'nDeviceGroupID' variable. This will disclose information about monitored devices, resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.