Uncategorized

Progress warns WhatsUp Gold has some critical security flaws, so patch now

Six high-severity and critical vulnerabilities were addressed last week, but Progress isn’t sharing specific details.

WhatsUp Gold, a network monitoring solution built by Progress Software, carried numerous critical and high-severity vulnerabilities, which placed its users at great risk of different cyberattacks. The flaws were recently addressed, and the company urged the users to apply the fixes immediately.

Progress recently published a new security advisory in which it warned WhatsUp Gold users of the flaws and announced the release of the patch.

The advisory, however, does not discuss what the flaws are or how they might have been abused.

Adding a chip to the cartridge

The flaws are listed as:

CVE-2024-46905: CVSS 8.8/10
CVE-2024-46906: CVSS 8.8/10
CVE-2024-46907: CVSS 8.8/10
CVE-2024-46908: CVSS 8.8/10
CVE-2024-46909: CVSS 9.8/10
CVE-2024-8785: CVSS 9.8/10

In total, there were six vulnerabilities, two of which are rated critical – 9.8/10.

Progress Software said that the first fixed version is 24.0.1:

“The WhatsUp Gold team has identified six vulnerabilities that exist in versions below 24.0.1,” the advisory reads. “We are reaching out to all WhatsUp Gold customers to upgrade their environment as soon as possible to version 24.0.1, released on Friday, September 20. If you are running a version older than 24.0.1 and you do not upgrade, your environment will remain vulnerable.”

WhatsUp Gold is a network monitoring software designed to provide comprehensive visibility into an organization’s IT infrastructure. It enables users to monitor devices, applications, servers, and network traffic in real time, helping to quickly identify and resolve performance issues.

To install the latest version, visit Progress’ product list page, download the latest version, and run it on your WhatsUp Gold server. After that, just follow the prompts. Since there are no details about the flaws, we don’t know if they have been abused in the wild already.

Via BleepingComputer

More from TechRadar Pro

Progress warns Telerik Report Server has a critical security bugHere’s a list of the best firewalls around todayThese are the best endpoint security tools right now

Read More 

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top
Generated by Feedzy