CVE-2022-29848

Severity: Medium
Published: 11 May 2022
Modified: 21 November 2024
KEV Added: not listed
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.6110 (98.3rd percentile)
Risk Priority: 50 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-29848 is a medium-severity SSRF (CWE-918) vulnerability in Progress WhatsUp Gold. Its CVSS base score is 6.5 (Medium).

Operationally, it is ranked in the top 1.7% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-29848 affects Progress Ipswitch WhatsUp Gold versions 17.0.0 through 21.1.1 and 22.0.0. The flaw is an instance of server-side request forgery (CWE-918) that permits an authenticated user to invoke an API call returning sensitive operating-system attributes from any host reachable by the WhatsUp Gold server. The issue carries a CVSS 3.1 base score of 6.5.

An attacker who already possesses valid credentials can exploit the vulnerability over the network, without user interaction, to obtain sensitive data from monitored hosts (high confidentiality impact). Because the request originates from the WhatsUp Gold server itself, the attacker can reach internal systems that would otherwise be inaccessible.

Public advisories published by Progress in May 2022 reference the affected product versions and direct administrators to the vendor’s network-monitoring support pages for further guidance.

The associated EPSS score reached a peak of 0.6110, indicating material post-disclosure exploitation interest.

Vulnerability details

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.

CWE(s): CWE-918 (Server-Side Request Forgery)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Progress WhatsUp Gold: 17.0.0 through 21.1.1, and 22.0.0

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation. (addresses CWE-918)
- Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact. (addresses CWE-918)
- Validates server-side URLs and resource references to block SSRF attempts. (addresses CWE-918)
- Detects server-side request forgery through monitoring of unexpected outbound connections. (addresses CWE-918)
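The third control above, validating server-side URLs before the server fetches them, is the one a developer can build directly into an API that takes a host or URL from an authenticated user. The Python below is an added example written for this page; it is not WhatsUp Gold code or anything from Progress, and the hostnames, the `FAKE_DNS` table and the allowlist are constructed samples. It shows the checks that matter for CWE-918: restricting the scheme, rejecting embedded credentials, requiring the host to be on an allowlist, resolving the name and refusing any answer that lands in loopback, private, link-local or other non-public space (including IPv4-mapped IPv6 literals), and treating a name with mixed public/internal answers as hostile.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Ranges to block in addition to what ipaddress already flags as
# private / loopback / link-local / multicast / reserved / unspecified.
EXTRA_BLOCKED_NETWORKS = [
    ipaddress.ip_network("100.64.0.0/10"),  # carrier-grade NAT (not flagged on older Pythons)
    ipaddress.ip_network("fc00::/7"),       # IPv6 unique-local
]


def is_internal(ip):
    """True if `ip` points at address space a server-side fetch must never reach."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:10.0.0.5 as 10.0.0.5
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        return True
    return any(ip in net for net in EXTRA_BLOCKED_NETWORKS)


def system_resolver(hostname):
    """Resolve with the OS resolver, returning every A/AAAA answer."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def validate_target(url, allowed_hosts, resolver=system_resolver):
    """Return (ok, reason, resolved_ips) for a user-supplied URL.

    On success the caller should connect to one of resolved_ips directly
    (pinning it) instead of resolving the name again, so that a DNS record
    changing between check and use cannot redirect the request internally.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}", []
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed", []
    host = parts.hostname  # lower-cased, brackets stripped from IPv6 literals
    if not host:
        return False, "missing host", []
    host = host.rstrip(".")
    if host not in allowed_hosts:
        return False, f"host not in allowlist: {host!r}", []
    try:
        ips = [ipaddress.ip_address(host)]      # literal IP: no DNS needed
    except ValueError:
        try:
            ips = resolver(host)
        except OSError as exc:                  # socket.gaierror is an OSError
            return False, f"resolution failed: {exc}", []
    if not ips:
        return False, "host resolved to no addresses", []
    for ip in ips:
        # Reject if ANY answer is internal: a round-robin or rebinding
        # resolver could otherwise steer the request to that address.
        if is_internal(ip):
            return False, f"{host!r} resolves to non-public address {ip}", []
    return True, "ok", ips


# --- constructed sample data (hypothetical names; the public IPs are samples only) ---
FAKE_DNS = {
    "sensor.example.com": [ipaddress.ip_address("93.184.216.34")],   # public
    "rebind.example.com": [ipaddress.ip_address("93.184.216.35"),
                           ipaddress.ip_address("10.0.0.5")],        # mixed answers
}
# Loopback and the mapped literal are deliberately allowlisted to show that
# the address-range check still rejects them.
ALLOWED_HOSTS = {"sensor.example.com", "rebind.example.com", "127.0.0.1", "::ffff:10.0.0.5"}


def fake_resolver(hostname):
    """Offline stand-in for system_resolver, backed by FAKE_DNS."""
    if hostname not in FAKE_DNS:
        raise socket.gaierror(f"unknown host {hostname}")
    return FAKE_DNS[hostname]


SAMPLE_URLS = [
    "https://sensor.example.com/status",     # allowed, resolves to public space
    "ftp://sensor.example.com/",             # wrong scheme
    "https://user:pw@sensor.example.com/",   # credentials embedded in URL
    "https://other.example.com/",            # not on the allowlist
    "http://127.0.0.1/",                     # loopback literal
    "https://[::ffff:10.0.0.5]/",            # IPv4-mapped private literal
    "https://rebind.example.com/",           # one DNS answer is internal
]


def run_checks():
    """Return {url: ok} over SAMPLE_URLS using the offline resolver."""
    return {u: validate_target(u, ALLOWED_HOSTS, fake_resolver)[0] for u in SAMPLE_URLS}


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        ok, reason, ips = validate_target(u, ALLOWED_HOSTS, fake_resolver)
        print(f"{'ALLOW' if ok else 'DENY '} {u}  ({reason})")
```

The allowlist is the primary control; the address-range check is defence in depth for the case where an allowlisted name later resolves somewhere it should not. The returned `resolved_ips` exist so the caller can pin the connection to the vetted address; validating and then letting an HTTP client resolve the name a second time reopens the gap. The fourth control on the list, watching for unexpected outbound connections from the monitoring server, is the complementary detective check when this validation is missing or bypassed.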