CVE-2022-29847

CVE Database · CVE-2022-29847

CVE-2022-29847

· HIGHModified

CVSS v3.1

7.5

EPSS

55.86%

Published

May 11, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-918

Affected Products (2)

progress · whatsup_goldvulnerable

References (4)

https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022

Vendor Advisory

https://www.progress.com/network-monitoring

Product

https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022

Vendor Advisory

https://www.progress.com/network-monitoring

Product

KEV Catalog EPSS Scores Vendors All CVEs