Description
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
References (2)
Core 2
Core References
Product x_refsource_misc
https://www.progress.com/network-monitoring
Vendor Advisory x_refsource_misc
https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022
Scores
CVSS v3
6.5
EPSS
0.0391
EPSS Percentile
88.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-829
Status
published
Products (3)
progress/whatsup_gold
21.1.0
progress/whatsup_gold
21.1.1
progress/whatsup_gold
22.0.0
Published
May 11, 2022
Tracked Since
Feb 18, 2026