CVE-2022-29848

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:22.0.0:*:*:*:*:*:*:*

History

27 Aug 2024, 17:48

Type Values Removed Values Added
CPE cpe:2.3:a:ipswitch:whatsup_gold:*:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:whatsup_gold:22.0.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:22.0.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*
First Time Progress
Progress whatsup Gold

20 May 2022, 14:37

Type Values Removed Values Added
CPE cpe:2.3:a:ipswitch:whatsup_gold:22.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:whatsup_gold:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-918
References (MISC) https://www.progress.com/network-monitoring - (MISC) https://www.progress.com/network-monitoring - Product
References (MISC) https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 - (MISC) https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 - Vendor Advisory

11 May 2022, 18:32

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-11 18:15

Updated : 2024-08-27 17:48


NVD link : CVE-2022-29848

Mitre link : CVE-2022-29848

CVE.ORG link : CVE-2022-29848


JSON object : View

Products Affected

progress

  • whatsup_gold
CWE
CWE-918

Server-Side Request Forgery (SSRF)