← Back to CVEs
CVE-2022-29847
HIGH7.5
Description
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published5/11/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
progress:whatsup_gold
Weaknesses (CWE)
CWE-918
References
https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022(cve@mitre.org)
https://www.progress.com/network-monitoring(cve@mitre.org)
https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022(af854a3a-2127-422b-91ae-364da2661108)
https://www.progress.com/network-monitoring(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.