← back
CVE-2022-29848

CVE-2022-29848

EPSS 3.5%
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 3.5%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
11 May 2022Published on NVD
22 Nov 2022Metasploit module available
Weaponization speed
194 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.
Affected products
n/a · n/a