Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities.
The problems, the company said, were resolved in version 24.0.1, released on September 20, 2024. The company has not yet released any details about the flaws, other than listing their CVE IDs:
- CVE-2024-46905 (CVSS score: 8.8)
- CVE-2024-46906 (CVSS score: 8.8)
- CVE-2024-46907 (CVSS score: 8.8)
- CVE-2024-46908 (CVSS score: 8.8)
- CVE-2024-46909 (CVSS score: 9.8) and
- CVE-2024-8785 (CVSS score: 9.8)
Security researcher Sina Kheirkhah of the Summoning Team is credited with discovering and reporting the first four flaws. Trend Micro’s Andy Niu was credited with CVE-2024-46909, and Tenable was credited with CVE-2024-8785.
Notably, Trend Micro recently reported that threat actors are actively using proof-of-concept (PoC) exploits for other recently discovered security flaws in WhatsUp Gold to conduct opportunistic attacks.
Earlier, the Shadowserver Foundation said it had observed attempts to exploit CVE-2024-4885 (CVSS score: 9.8), another critical bug in WhatsUp Gold that was resolved by Progress in June 2024.
WhatsUp Gold customers are encouraged to apply the latest patches as soon as possible to mitigate potential threats.