Progress Software has unveiled the latest updates to tackle six security vulnerabilities in WhatsUp Gold, with two critical flaws included in the patch. The company has taken swift action, releasing version 24.0.1 on September 20, 2024, to address the issues. While specific details about the vulnerabilities have not been disclosed, they are identified by their CVE numbers:
- CVE-2024-46905 (CVSS score: 8.8)
- CVE-2024-46906 (CVSS score: 8.8)
- CVE-2024-46907 (CVSS score: 8.8)
- CVE-2024-46908 (CVSS score: 8.8)
- CVE-2024-46909 (CVSS score: 9.8)
- CVE-2024-8785 (CVSS score: 9.8)
The discovery and reporting of the first four vulnerabilities are credited to security researcher Sina Kheirkhah of Summoning Team, while Andy Niu of Trend Micro identified CVE-2024-46909. CVE-2024-8785 was acknowledged by Tenable.
Trend Micro recently warned of threat actors exploiting proof-of-concept exploits for other disclosed vulnerabilities in WhatsUp Gold, emphasizing the importance of prompt security updates. Previously, the Shadowserver Foundation reported attempts to exploit CVE-2024-4885 (CVSS score: 9.8) after Progress addressed it in June 2024.
Customers using WhatsUp Gold are strongly advised to apply the latest patches to safeguard against potential threats.