CVE-2022-29845

In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:progress:whatsup_gold:21.1.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:21.1.1:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:22.0.0:*:*:*:*:*:*:*

History

27 Aug 2024, 17:48

Type Values Removed Values Added
CPE cpe:2.3:a:ipswitch:whatsup_gold:21.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:whatsup_gold:22.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ipswitch:whatsup_gold:21.1.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:21.1.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:22.0.0:*:*:*:*:*:*:*
cpe:2.3:a:progress:whatsup_gold:21.1.1:*:*:*:*:*:*:*
First Time Progress
Progress whatsup Gold

Information

Published : 2022-05-11 18:15

Updated : 2024-08-27 17:48


NVD link : CVE-2022-29845

Mitre link : CVE-2022-29845

CVE.ORG link : CVE-2022-29845


JSON object : View

Products Affected

progress

  • whatsup_gold
CWE
CWE-829

Inclusion of Functionality from Untrusted Control Sphere