In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
References
Link | Resource |
---|---|
https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 | Vendor Advisory |
https://www.progress.com/network-monitoring | Product |
Configurations
Configuration 1 (hide)
|
History
27 Aug 2024, 17:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ipswitch:whatsup_gold:21.1.0:*:*:*:*:*:*:* cpe:2.3:a:ipswitch:whatsup_gold:22.0.0:*:*:*:*:*:*:* |
cpe:2.3:a:progress:whatsup_gold:22.0.0:*:*:*:*:*:*:* cpe:2.3:a:progress:whatsup_gold:21.1.1:*:*:*:*:*:*:* cpe:2.3:a:progress:whatsup_gold:21.1.0:*:*:*:*:*:*:* |
First Time |
Progress
Progress whatsup Gold |
20 May 2022, 16:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ipswitch:whatsup_gold:22.0.0:*:*:*:*:*:*:* cpe:2.3:a:ipswitch:whatsup_gold:21.1.0:*:*:*:*:*:*:* cpe:2.3:a:ipswitch:whatsup_gold:21.1.1:*:*:*:*:*:*:* |
|
References | (MISC) https://www.progress.com/network-monitoring - Product | |
References | (MISC) https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 - Vendor Advisory | |
CWE | CWE-829 | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
11 May 2022, 18:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-11 18:15
Updated : 2024-08-27 17:48
NVD link : CVE-2022-29845
Mitre link : CVE-2022-29845
CVE.ORG link : CVE-2022-29845
JSON object : View
Products Affected
progress
- whatsup_gold
CWE
CWE-829
Inclusion of Functionality from Untrusted Control Sphere