Cyber Resilience

CVE-2022-29846

Medium

Published: 11 May 2022

Published
11 May 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.3859 97.3th percentile
Risk Priority 34 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-29846 is a medium-severity an unspecified weakness vulnerability in Progress Whatsup Gold. Its CVSS base score is 5.3 (Medium).

Operationally, ranked in the top 2.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-29846 is an information disclosure vulnerability in Progress Ipswitch WhatsUp Gold versions 16.1 through 21.1.1 and 22.0.0 that allows retrieval of the product's installation serial number. The flaw carries a CVSS 3.1 base score of 5.3 and is reachable without authentication or user interaction.

An unauthenticated attacker with network access can exploit the issue to obtain the serial number, resulting in limited confidentiality impact but no integrity or availability effects. The vulnerability is tracked under NVD-CWE-noinfo and was published on 11 May 2022.

Progress security advisories at the referenced community pages direct customers to apply available updates or configuration changes for WhatsUp Gold; the vendor's product site provides additional guidance on remediation steps. The associated EPSS score has remained flat at 0.3859 with no material increase after disclosure.

EU & UK References

Vulnerability details

In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

progress
whatsup gold
22.0.0 · 16.1 — 21.1.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References