CVE-2022-29846
Published: 11 May 2022
Summary
CVE-2022-29846 is a medium-severity an unspecified weakness vulnerability in Progress Whatsup Gold. Its CVSS base score is 5.3 (Medium).
Operationally, ranked in the top 2.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-29846 is an information disclosure vulnerability in Progress Ipswitch WhatsUp Gold versions 16.1 through 21.1.1 and 22.0.0 that allows retrieval of the product's installation serial number. The flaw carries a CVSS 3.1 base score of 5.3 and is reachable without authentication or user interaction.
An unauthenticated attacker with network access can exploit the issue to obtain the serial number, resulting in limited confidentiality impact but no integrity or availability effects. The vulnerability is tracked under NVD-CWE-noinfo and was published on 11 May 2022.
Progress security advisories at the referenced community pages direct customers to apply available updates or configuration changes for WhatsUp Gold; the vendor's product site provides additional guidance on remediation steps. The associated EPSS score has remained flat at 0.3859 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34164
Vulnerability details
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.