CVE-2022-29845
CVE-2022-29845
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 3.9%KEV nãoPoC —Nuclei —Metasploit simPatch —
Lifecycle
11 May 2022Published on NVD
22 Nov 2022Metasploit module available
Weaponization speed
194 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
Affected products
n/a · n/a