CVE-2022-29845

CVE Database · CVE-2022-29845

CVE-2022-29845

· MEDIUMModified

CVSS v3.1

6.5

EPSS

3.91%

Published

May 11, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-829

Affected Products (3)

progress · whatsup_goldvulnerable

References (4)

https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022

Vendor Advisory

https://www.progress.com/network-monitoring

Product

https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022

Vendor Advisory

https://www.progress.com/network-monitoring

Product

KEV Catalog EPSS Scores Vendors All CVEs