Details of VAR-202205-0717

ID

VAR-202205-0717

CVE

CVE-2022-29848

TITLE

Ipswitch, Inc. of WhatsUp Gold Server-side request forgery vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009431

DESCRIPTION

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. Ipswitch, Inc. of WhatsUp Gold Contains a server-side request forgery vulnerability.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-29848 // JVNDB: JVNDB-2022-009431 // VULHUB: VHN-421357 // VULMON: CVE-2022-29848

AFFECTED PRODUCTS

vendor:	progress	model:	whatsup gold	scope:	lte	version:	21.1.1	Trust: 1.0
vendor:	progress	model:	whatsup gold	scope:	eq	version:	22.0.0	Trust: 1.0
vendor:	progress	model:	whatsup gold	scope:	gte	version:	17.0.0	Trust: 1.0
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	17.0.0 to 21.1.1	Trust: 0.8
vendor:	ipswitch	model:	whatsup gold	scope:	-	version:	-	Trust: 0.8
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	22.0.0	Trust: 0.8
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009431 // NVD: CVE-2022-29848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29848
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-29848
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202205-3004
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-421357
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-29848
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-29848
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-421357
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-29848
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29848
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-421357 // VULMON: CVE-2022-29848 // JVNDB: JVNDB-2022-009431 // CNNVD: CNNVD-202205-3004 // NVD: CVE-2022-29848

PROBLEMTYPE DATA

problemtype:	CWE-918	Trust: 1.1
problemtype:	Server-side request forgery (CWE-918) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-421357 // JVNDB: JVNDB-2022-009431 // NVD: CVE-2022-29848

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3004

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202205-3004

PATCH

title:

Progress Software WhatsUp Gold Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193694

Trust: 0.6

sources: CNNVD: CNNVD-202205-3004

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29848	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009431	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-3004	Trust: 0.6
db:	VULHUB	id:	VHN-421357	Trust: 0.1
db:	VULMON	id:	CVE-2022-29848	Trust: 0.1

sources: VULHUB: VHN-421357 // VULMON: CVE-2022-29848 // JVNDB: JVNDB-2022-009431 // CNNVD: CNNVD-202205-3004 // NVD: CVE-2022-29848

REFERENCES

url:	https://community.progress.com/s/article/whatsup-gold-critical-product-alert-may-2022	Trust: 2.6
url:	https://www.progress.com/network-monitoring	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29848	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-29848/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/918.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-421357 // VULMON: CVE-2022-29848 // JVNDB: JVNDB-2022-009431 // CNNVD: CNNVD-202205-3004 // NVD: CVE-2022-29848

SOURCES

db:	VULHUB	id:	VHN-421357
db:	VULMON	id:	CVE-2022-29848
db:	JVNDB	id:	JVNDB-2022-009431
db:	CNNVD	id:	CNNVD-202205-3004
db:	NVD	id:	CVE-2022-29848

LAST UPDATE DATE

2024-11-23T22:24:50.338000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-421357	date:	2022-05-20T00:00:00
db:	VULMON	id:	CVE-2022-29848	date:	2022-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-009431	date:	2023-08-04T08:27:00
db:	CNNVD	id:	CNNVD-202205-3004	date:	2022-05-23T00:00:00
db:	NVD	id:	CVE-2022-29848	date:	2024-11-21T06:59:48.700

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-421357	date:	2022-05-11T00:00:00
db:	VULMON	id:	CVE-2022-29848	date:	2022-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-009431	date:	2023-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202205-3004	date:	2022-05-11T00:00:00
db:	NVD	id:	CVE-2022-29848	date:	2022-05-11T18:15:29.133