Vulnerability Details : CVE-2022-29845
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
Products affected by CVE-2022-29845
- cpe:2.3:a:progress:whatsup_gold:21.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:progress:whatsup_gold:21.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:progress:whatsup_gold:22.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-29845
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-29845
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-29845
-
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-29845
-
https://www.progress.com/network-monitoring
WhatsUp Gold Network Monitoring Software | ProgressProduct
-
https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022
WhatsUp Gold Critical Product Alert – May 2022 - Progress CommunityVendor Advisory
Jump to