Details of VAR-202205-0591

ID

VAR-202205-0591

CVE

CVE-2022-29847

TITLE

Ipswitch, Inc. of WhatsUp Gold Server-side request forgery vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009622

DESCRIPTION

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. Ipswitch, Inc. of WhatsUp Gold Contains a server-side request forgery vulnerability.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-29847 // JVNDB: JVNDB-2022-009622 // VULHUB: VHN-421356 // VULMON: CVE-2022-29847

AFFECTED PRODUCTS

vendor:	progress	model:	whatsup gold	scope:	lte	version:	21.1.1	Trust: 1.0
vendor:	progress	model:	whatsup gold	scope:	gte	version:	21.0.0	Trust: 1.0
vendor:	progress	model:	whatsup gold	scope:	eq	version:	22.0.0	Trust: 1.0
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	22.0.0	Trust: 0.8
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	-	Trust: 0.8
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	21.0.0 to 21.1.1	Trust: 0.8
vendor:	ipswitch	model:	whatsup gold	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009622 // NVD: CVE-2022-29847

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29847
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-29847
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-3005
value:	HIGH
Trust: 0.6
VULHUB:	VHN-421356
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-29847
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-29847
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-421356
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-29847
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29847
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-421356 // VULMON: CVE-2022-29847 // JVNDB: JVNDB-2022-009622 // CNNVD: CNNVD-202205-3005 // NVD: CVE-2022-29847

PROBLEMTYPE DATA

problemtype:	CWE-918	Trust: 1.1
problemtype:	Server-side request forgery (CWE-918) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-421356 // JVNDB: JVNDB-2022-009622 // NVD: CVE-2022-29847

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3005

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202205-3005

PATCH

title:

Progress Software WhatsUp Gold Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193695

Trust: 0.6

sources: CNNVD: CNNVD-202205-3005

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29847	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009622	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-3005	Trust: 0.6
db:	VULHUB	id:	VHN-421356	Trust: 0.1
db:	VULMON	id:	CVE-2022-29847	Trust: 0.1

sources: VULHUB: VHN-421356 // VULMON: CVE-2022-29847 // JVNDB: JVNDB-2022-009622 // CNNVD: CNNVD-202205-3005 // NVD: CVE-2022-29847

REFERENCES

url:	https://community.progress.com/s/article/whatsup-gold-critical-product-alert-may-2022	Trust: 2.6
url:	https://www.progress.com/network-monitoring	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29847	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-29847/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/918.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-421356 // VULMON: CVE-2022-29847 // JVNDB: JVNDB-2022-009622 // CNNVD: CNNVD-202205-3005 // NVD: CVE-2022-29847

SOURCES

db:	VULHUB	id:	VHN-421356
db:	VULMON	id:	CVE-2022-29847
db:	JVNDB	id:	JVNDB-2022-009622
db:	CNNVD	id:	CNNVD-202205-3005
db:	NVD	id:	CVE-2022-29847

LAST UPDATE DATE

2024-11-23T22:24:50.444000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-421356	date:	2022-05-20T00:00:00
db:	VULMON	id:	CVE-2022-29847	date:	2022-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2022-009622	date:	2023-08-07T08:13:00
db:	CNNVD	id:	CNNVD-202205-3005	date:	2022-05-23T00:00:00
db:	NVD	id:	CVE-2022-29847	date:	2024-11-21T06:59:48.553

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-421356	date:	2022-05-11T00:00:00
db:	VULMON	id:	CVE-2022-29847	date:	2022-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-009622	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-3005	date:	2022-05-11T00:00:00
db:	NVD	id:	CVE-2022-29847	date:	2022-05-11T18:15:29.097