Authenticated User API Transaction Vulnerability in Ipswitch WhatsUp Gold

Authenticated User API Transaction Vulnerability in Ipswitch WhatsUp Gold

CVE-2022-29848 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.

Learn more about our Api Penetration Testing.