CVE-2022-29847

Published: May 11, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.

Affected (2)

Products: Progress: Whatsup Gold

Progress

1 product

Whatsup Gold

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Progress Whatsup Gold	From 21.0.0 to 21.1.1
Progress Whatsup Gold	Version 22.0.0

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022

Source: cve@mitre.org

Vendor Advisory

https://www.progress.com/network-monitoring

Source: cve@mitre.org

Product

https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.progress.com/network-monitoring

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.