CVE-2022-29846: 
WhatsUp Gold vulnerability analysis and mitigation

In Progress Ipswitch WhatsUp Gold versions 16.1 through 21.1.1, and 22.0.0, an unauthenticated attacker can obtain the WhatsUp Gold installation serial number. This vulnerability was discovered and reported in April 2022 (Assetnote Advisory).

The vulnerability exists due to an exposed functionality that reveals the product's serial number, which is used as part of the encryption algorithm for securing sensitive data. The issue was assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it can be exploited remotely without requiring privileges or user interaction (NVD).

While the direct impact of this vulnerability might seem limited, when chained with other vulnerabilities, it can lead to critical security implications. The serial number disclosure can be used to decrypt encrypted passwords stored in the application, potentially leading to unauthorized access to the WhatsUp Gold system (Assetnote Research).

Progress has released patches to address this vulnerability. Users are strongly advised to upgrade to the latest version of WhatsUp Gold. The vendor has provided detailed remediation information in their knowledge base article (Progress Advisory).