CVE-2022-29845: 
WhatsUp Gold vulnerability analysis and mitigation

CVE-2022-29845 is a local file disclosure vulnerability affecting Ipswitch WhatsUp Gold versions 21.1.0 through 21.1.1, and 22.0.0. The vulnerability was disclosed on May 11, 2022, and allows an authenticated user to invoke an API transaction that would enable them to read the contents of local files on the system (NVD, Assetnote).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low-level privileges, and doesn't require user interaction. The impact primarily affects confidentiality, with no impact on integrity or availability (NVD).

When exploited, this vulnerability allows authenticated users to read the contents of local files on the system. The vulnerability has high confidentiality impact as it could potentially expose sensitive information stored in local files (NVD, Assetnote).

Progress has released patches to address this vulnerability. Users are advised to update to the latest version of WhatsUp Gold as detailed in the vendor's advisory (Progress Advisory).