Progress Software program has launched one other spherical of updates to deal with six security flaws in WhatsUp Gold, together with two vital vulnerabilities.
The problems, the corporate stated, have been resolved in model 24.0.1 launched on September 20, 2024. The corporate has but to launch any particulars about what the issues are aside from itemizing their CVE identifiers –
- CVE-2024-46905 (CVSS rating: 8.8)
- CVE-2024-46906 (CVSS rating: 8.8)
- CVE-2024-46907 (CVSS rating: 8.8)
- CVE-2024-46908 (CVSS rating: 8.8)
- CVE-2024-46909 (CVSS rating: 9.8), and
- CVE-2024-8785 (CVSS rating: 9.8)
Safety researcher Sina Kheirkhah of Summoning Workforce has been credited with discovering and reporting the primary 4 flaws. Andy Niu of Development Micro has been acknowledged for CVE-2024-46909, whereas Tenable has been credited for CVE-2024-8785.
It is value noting that Development Micro not too long ago reported that menace actors are actively exploiting proof-of-concept (PoC) exploits for different not too long ago disclosed security flaws in WhatsUp Gold to conduct opportunistic assaults.
Beforehand, the Shadowserver Basis stated it had noticed exploitation makes an attempt in opposition to CVE-2024-4885 (CVSS rating: 9.8), one other vital bug in WhatsUp Gold that was resolved by Progress in June 2024.
WhatsUp Gold Prospects are advisable to use the newest fixes as quickly as potential to mitigate potential threats.
