CVE-2022-29847
HIGHProgress WhatsUp Gold 21.0.0-21.1.1 and 22.0.0 - Unauthenticated Server-Side Request Forgery
Title source: llmDescription
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.
References (2)
Core 2
Core References
Product x_refsource_misc
https://www.progress.com/network-monitoring
Vendor Advisory x_refsource_misc
https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022
Scores
CVSS v3
7.5
EPSS
0.8474
EPSS Percentile
99.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (2)
progress/whatsup_gold
22.0.0
progress/whatsup_gold
21.0.0 - 21.1.1
Published
May 11, 2022
Tracked Since
Feb 18, 2026