CVE-2022-29848
MEDIUMProgress WhatsUp Gold 17.0.0-21.1.1 and 22.0.0 - Authenticated Server-Side Request Forgery
Title source: llmDescription
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.
References (2)
Core 2
Core References
Product x_refsource_misc
https://www.progress.com/network-monitoring
Vendor Advisory x_refsource_misc
https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022
Scores
CVSS v3
6.5
EPSS
0.6110
EPSS Percentile
98.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (2)
progress/whatsup_gold
22.0.0
progress/whatsup_gold
17.0.0 - 21.1.1
Published
May 11, 2022
Tracked Since
Feb 18, 2026