
CVE-2022-29848
https://notcve.org/view.php?id=CVE-2022-29848
11 May 2022 — In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2022-29847
https://notcve.org/view.php?id=CVE-2022-29847
11 May 2022 — In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2022-29846
https://notcve.org/view.php?id=CVE-2022-29846
11 May 2022 — In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022

CVE-2022-29845
https://notcve.org/view.php?id=CVE-2022-29845
11 May 2022 — In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. • https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVE-2019-18464
https://notcve.org/view.php?id=CVE-2019-18464
31 Oct 2019 — In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database. • https://community.ipswitch.com/s/article/SQL-Injection-Vulnerability-2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-18465
https://notcve.org/view.php?id=CVE-2019-18465
31 Oct 2019 — In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used. • https://community.ipswitch.com/s/article/SFTP-Auth-Vulnerability • CWE-306: Missing Authentication for Critical Function

CVE-2019-16383 – MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2019-16383
24 Sep 2019 — MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection. • https://packetstorm.news/files/id/157208 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-12146
https://notcve.org/view.php?id=CVE-2019-12146
11 Jun 2019 — A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress Ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a flaw in the SCP listener by crafting strings using specific patterns to write files and create directories outside of their authorized directory. • https://docs.ipswitch.com/WS_FTP_Server2018/ReleaseNotes/index.htm#49242.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-12145
https://notcve.org/view.php?id=CVE-2019-12145
11 Jun 2019 — A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress Ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose path names on the host operating system. • https://docs.ipswitch.com/WS_FTP_Server2018/ReleaseNotes/index.htm#49242.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-12144
https://notcve.org/view.php?id=CVE-2019-12144
11 Jun 2019 — An issue was discovered in SSHServerAPI.dll in Progress Ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses the SITE command feature. • https://docs.ipswitch.com/WS_FTP_Server2018/ReleaseNotes/index.htm#49242.htm • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')