Sign-up

ID

VAR-202205-0813


CVE

CVE-2022-29845


TITLE

Ipswitch, Inc.  of  WhatsUp Gold  Vulnerability in incorporating functionality from untrusted control areas in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009624

DESCRIPTION

In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. Ipswitch, Inc. of WhatsUp Gold Contains a vulnerability in incorporating functionality from an untrusted control area.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-29845 // JVNDB: JVNDB-2022-009624 // VULHUB: VHN-421354 // VULMON: CVE-2022-29845

AFFECTED PRODUCTS

vendor:progressmodel:whatsup goldscope:eqversion:21.1.1

Trust: 1.0

vendor:progressmodel:whatsup goldscope:eqversion:22.0.0

Trust: 1.0

vendor:progressmodel:whatsup goldscope:eqversion:21.1.0

Trust: 1.0

vendor:ipswitchmodel:whatsup goldscope:eqversion:22.0.0

Trust: 0.8

vendor:ipswitchmodel:whatsup goldscope: - version: -

Trust: 0.8

vendor:ipswitchmodel:whatsup goldscope:eqversion:21.1.1

Trust: 0.8

vendor:ipswitchmodel:whatsup goldscope:eqversion:21.1.0

Trust: 0.8

vendor:ipswitchmodel:whatsup goldscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-009624 // NVD: CVE-2022-29845

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-29845
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-29845
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202205-3007
value: MEDIUM

Trust: 0.6

VULHUB: VHN-421354
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-29845
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-29845
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-421354
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-29845
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-29845
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-421354 // VULMON: CVE-2022-29845 // JVNDB: JVNDB-2022-009624 // CNNVD: CNNVD-202205-3007 // NVD: CVE-2022-29845

PROBLEMTYPE DATA

problemtype:CWE-829

Trust: 1.1

problemtype:Incorporating features from untrusted control areas (CWE-829) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-421354 // JVNDB: JVNDB-2022-009624 // NVD: CVE-2022-29845

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3007

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3007

PATCH

title:Progress Software WhatsUp Gold Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193697

Trust: 0.6

sources: CNNVD: CNNVD-202205-3007

EXTERNAL IDS

db:NVDid:CVE-2022-29845

Trust: 3.4

db:JVNDBid:JVNDB-2022-009624

Trust: 0.8

db:CNNVDid:CNNVD-202205-3007

Trust: 0.6

db:VULHUBid:VHN-421354

Trust: 0.1

db:VULMONid:CVE-2022-29845

Trust: 0.1

sources: VULHUB: VHN-421354 // VULMON: CVE-2022-29845 // JVNDB: JVNDB-2022-009624 // CNNVD: CNNVD-202205-3007 // NVD: CVE-2022-29845

REFERENCES

url:https://community.progress.com/s/article/whatsup-gold-critical-product-alert-may-2022

Trust: 2.6

url:https://www.progress.com/network-monitoring

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-29845

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-29845/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/829.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-421354 // VULMON: CVE-2022-29845 // JVNDB: JVNDB-2022-009624 // CNNVD: CNNVD-202205-3007 // NVD: CVE-2022-29845

SOURCES

db:VULHUBid:VHN-421354
db:VULMONid:CVE-2022-29845
db:JVNDBid:JVNDB-2022-009624
db:CNNVDid:CNNVD-202205-3007
db:NVDid:CVE-2022-29845

LAST UPDATE DATE

2024-11-23T22:50:48.446000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-421354date:2022-05-20T00:00:00
db:VULMONid:CVE-2022-29845date:2022-05-20T00:00:00
db:JVNDBid:JVNDB-2022-009624date:2023-08-07T08:13:00
db:CNNVDid:CNNVD-202205-3007date:2022-05-23T00:00:00
db:NVDid:CVE-2022-29845date:2024-11-21T06:59:48.250

SOURCES RELEASE DATE

db:VULHUBid:VHN-421354date:2022-05-11T00:00:00
db:VULMONid:CVE-2022-29845date:2022-05-11T00:00:00
db:JVNDBid:JVNDB-2022-009624date:2023-08-07T00:00:00
db:CNNVDid:CNNVD-202205-3007date:2022-05-11T00:00:00
db:NVDid:CVE-2022-29845date:2022-05-11T18:15:29.020