September 27, 2024Ravie LakshmananSoftware Security/Vulnerability
Progress Software has released another update to address six security flaws in WhatsUp Gold, including two critical vulnerabilities.
According to the company, this issue is resolved in version 24.0.1, released on September 20, 2024. The company has not yet released any details about what the flaw is, other than listing the CVE identifier.
CVE-2024-46905 (CVSS score: 8.8) CVE-2024-46906 (CVSS score: 8.8) CVE-2024-46907 (CVSS score: 8.8) CVE-2024-46908 (CVSS score: 8.8) CVE-2024-46909 ( CVSS score: 9.8), and CVE-2024-8785 (CVSS score: 9.8)
Security researcher Sina Kheirkhah of the Summoning Team is credited with discovering and reporting the first four flaws. Trend Micro’s Andy Niu has been credited as the cause of CVE-2024-46909, and Tenable has been credited as the cause of CVE-2024-8785.
It is worth noting that Trend Micro recently reported that attackers are actively exploiting proof-of-concept (PoC) exploits for other security flaws recently revealed in WhatsUp Gold, conducting opportunistic attacks. Masu.
Previously, the Shadowserver Foundation announced that it had observed attempts to exploit CVE-2024-4885 (CVSS score: 9.8), another critical bug in WhatsUp Gold, which was reported by Progress in June 2024. Resolved.
WhatsUp Gold customers are encouraged to apply the latest fixes as soon as possible to mitigate potential threats.
Did you find this article interesting? Follow us Twitter ○ You can read more exclusive content from us on LinkedIn.
Source link
