CVE-2022-29845

MEDIUM

Ipswitch WhatsUp Gold <22.0.0 - Info Disclosure

Title source: llm

Description

In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.

References (2)

[Product] https://www.progress.com/network-monitoring

[Vendor Advisory] https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022

Scores

CVSS v3 6.5

EPSS 0.4439

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-829

Status published

Products (3)

progress/whatsup_gold 21.1.0

progress/whatsup_gold 21.1.1

progress/whatsup_gold 22.0.0

Published May 11, 2022

Tracked Since Feb 18, 2026