CVE-2022-29848

{"id": "CVE-2022-29848", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-05-11T18:15:29.133", "references": [{"url": "https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.progress.com/network-monitoring", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.progress.com/network-monitoring", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system."}, {"lang": "es", "value": "En Progress Ipswitch WhatsUp Gold versiones 17.0.0 hasta 21.1.1, y 22.0.0, es posible que un usuario autenticado invoque una transacci\u00f3n de la API que le permita leer atributos confidenciales del sistema operativo desde un host que sea accesible por el sistema WhatsUp Gold"}], "lastModified": "2024-11-21T06:59:48.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA0FBE52-07D5-4734-B392-839B7B04A778", "versionEndIncluding": "21.1.1", "versionStartIncluding": "17.0.0"}, {"criteria": "cpe:2.3:a:progress:whatsup_gold:22.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BD18B7A-B6F3-4459-8DA8-7F7F1EE7A426"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}