CVE-2022-29846
published 2022-05-11CVE-2022-29846: In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation…
PriorityP341medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EXPLOIT
EPSS
5.13%
91.3th percentile
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | whatsup_gold | — | — |
| progress | whatsup_gold | 16.1 – 21.1.1 | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cwqg-fwcg-crfg: In Progress Ipswitch WhatsUp Gold 16
ghsa_unreviewed·2022-05-12
CVE-2022-29846 [MEDIUM] CWE-200 GHSA-cwqg-fwcg-crfg: In Progress Ipswitch WhatsUp Gold 16
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.
Ivanti
Ivanti Security Advisory: CVE-2024-29846
vendor_ivanti·2024-05-31·CVSS 8.0
CVE-2024-29846 [HIGH] CWE-89 Ivanti Security Advisory: CVE-2024-29846
Ivanti Security Advisory: CVE-2024-29846
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVE IDs: CVE-2024-29846
CVSS Base Score: 8.0
Severity: HIGH
CWEs: CWE-89
No detection rules found.
No writeups or analysis indexed.
2022-05-11
Published