CVE-2022-29845

In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:progress:whatsup_gold:21.1.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:21.1.1:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:22.0.0:*:*:*:*:*:*:*

History

27 Aug 2024, 17:48

Type Values Removed Values Added
CPE cpe:2.3:a:ipswitch:whatsup_gold:21.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:whatsup_gold:21.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:whatsup_gold:22.0.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:22.0.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:21.1.1:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:21.1.0:*:*:*:*:*:*:*
First Time Progress
Progress whatsup Gold

20 May 2022, 16:53

Type Values Removed Values Added
CPE cpe:2.3:a:ipswitch:whatsup_gold:22.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:whatsup_gold:21.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:whatsup_gold:21.1.1:*:*:*:*:*:*:*
References (MISC) https://www.progress.com/network-monitoring - (MISC) https://www.progress.com/network-monitoring - Product
References (MISC) https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 - (MISC) https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 - Vendor Advisory
CWE CWE-829
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5

11 May 2022, 18:32

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-11 18:15

Updated : 2024-08-27 17:48


NVD link : CVE-2022-29845

Mitre link : CVE-2022-29845

CVE.ORG link : CVE-2022-29845


JSON object : View

Products Affected

progress

  • whatsup_gold
CWE
CWE-829

Inclusion of Functionality from Untrusted Control Sphere