CVE-2022-29847

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.

Published: May 11, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-29847
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
progress / whatsup_gold	22.0.0	22.0.0.x
progress / whatsup_gold	21.0.0	21.1.1.x

https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022
https://www.progress.com/network-monitoring

Vulnerability Database

290,278

CVE-2022-29847