Progress Software program has launched one other spherical of updates to deal with six safety flaws in WhatsUp Gold, together with two essential vulnerabilities.
The problems, the corporate stated, have been resolved in model 24.0.1 launched on September 20, 2024. The corporate has but to launch any particulars about what the issues are aside from itemizing their CVE identifiers –
- CVE-2024-46905 (CVSS rating: 8.8)
- CVE-2024-46906 (CVSS rating: 8.8)
- CVE-2024-46907 (CVSS rating: 8.8)
- CVE-2024-46908 (CVSS rating: 8.8)
- CVE-2024-46909 (CVSS rating: 9.8), and
- CVE-2024-8785 (CVSS rating: 9.8)
Safety researcher Sina Kheirkhah of Summoning Staff has been credited with discovering and reporting the primary 4 flaws. Andy Niu of Pattern Micro has been acknowledged for CVE-2024-46909, whereas Tenable has been credited for CVE-2024-8785.
It is price noting that Pattern Micro lately reported that menace actors are actively exploiting proof-of-concept (PoC) exploits for different lately disclosed safety flaws in WhatsUp Gold to conduct opportunistic assaults.
Beforehand, the Shadowserver Basis stated it had noticed exploitation makes an attempt towards CVE-2024-4885 (CVSS rating: 9.8), one other essential bug in WhatsUp Gold that was resolved by Progress in June 2024.
WhatsUp Gold Prospects are really useful to use the most recent fixes as quickly as doable to mitigate potential threats.
