Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Avatar
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers – CVE-2024-46905 (CVSS score: 8.8) 
[[{“value”:”

Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities.

The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers –

CVE-2024-46905 (CVSS score: 8.8)
CVE-2024-46906 (CVSS score: 8.8)
CVE-2024-46907 (CVSS score: 8.8)
CVE-2024-46908 (CVSS score: 8.8)
CVE-2024-46909 (CVSS score: 9.8), and
CVE-2024-8785 (CVSS score: 9.8)

Security researcher Sina Kheirkhah of Summoning Team has been credited with discovering and reporting the first four flaws. Andy Niu of Trend Micro has been acknowledged for CVE-2024-46909, while Tenable has been credited for CVE-2024-8785.

It’s worth noting that Trend Micro recently reported that threat actors are actively exploiting proof-of-concept (PoC) exploits for other recently disclosed security flaws in WhatsUp Gold to conduct opportunistic attacks.

Previously, the Shadowserver Foundation said it had observed exploitation attempts against CVE-2024-4885 (CVSS score: 9.8), another critical bug in WhatsUp Gold that was resolved by Progress in June 2024.

WhatsUp Gold Customers are recommended to apply the latest fixes as soon as possible to mitigate potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

Next Post

UK national hacked public companies for stock trading intel, DOJ says

Related Posts