← back
CVE-2022-29847

CVE-2022-29847

EPSS 55.9%
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 55.9%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
11 May 2022Published on NVD
22 Nov 2022Metasploit module available
Weaponization speed
194 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.
Affected products
n/a · n/a