← back
CVE-2022-29845

CVE-2022-29845

EPSS 3.9%
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 3.9%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
11 May 2022Published on NVD
22 Nov 2022Metasploit module available
Weaponization speed
194 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
Affected products
n/a · n/a