CVE-2022-29848

CVE Database · CVE-2022-29848

CVE-2022-29848

· MEDIUMModified

CVSS v3.1

6.5

EPSS

3.51%

Published

May 11, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-918

Affected Products (2)

progress · whatsup_goldvulnerable

References (4)

https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022

Vendor Advisory

https://www.progress.com/network-monitoring

Product

https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022

Vendor Advisory

https://www.progress.com/network-monitoring

Product

KEV Catalog EPSS Scores Vendors All CVEs