In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Link | Tags |
---|---|
https://www.progress.com/network-monitoring | product |
https://community.progress.com/s/article/WhatsUp-Gold-Critical-Product-Alert-May-2022 | vendor advisory |