Progress Software has recently rolled out updates to address six security vulnerabilities in WhatsUp Gold, including two critical ones.
The company disclosed that these issues have been fixed in version 24.0.1, which was released on September 20, 2024. Details of the vulnerabilities have not yet been disclosed, but they are tracked under the following CVE identifiers:
- CVE-2024-46905 (CVSS score: 8.8)
- CVE-2024-46906 (CVSS score: 8.8)
- CVE-2024-46907 (CVSS score: 8.8)
- CVE-2024-46908 (CVSS score: 8.8)
- CVE-2024-46909 (CVSS score: 9.8)
- CVE-2024-8785 (CVSS score: 9.8)
The discovery and reporting credits go to security researcher Sina Kheirkhah of Summoning Team for the first four flaws, Andy Niu of Trend Micro for CVE-2024-46909, and Tenable for CVE-2024-8785.
Trend Micro recently warned about threat actors using proof-of-concept (PoC) exploits for other known vulnerabilities in WhatsUp Gold. The Shadowserver Foundation also reported exploitation attempts against CVE-2024-4885, a critical bug resolved by Progress in June 2024.
Users of WhatsUp Gold are advised to apply the latest updates promptly to enhance security and protect against potential threats.