Progress Software has rolled out another round of updates, addressing six newly discovered security flaws in its network monitoring tool, WhatsUp Gold. Two of the vulnerabilities are rated as critical.
These issues were fixed in version 24.0.1, released on September 20, 2024. However, specific details about the flaws have not yet been disclosed by the company, except for their assigned CVE identifiers:
Security researcher Sina Kheirkhah of Summoning Team was credited for discovering and reporting the first four flaws. Andy Niu of Trend Micro was recognized for CVE-2024-46909, while Tenable was credited for CVE-2024-8785.
Notably, Trend Micro recently revealed that threat actors are actively exploiting proof-of-concept (PoC) exploits for other recently disclosed security vulnerabilities in WhatsUp Gold, leveraging these flaws for opportunistic attacks.
Earlier, the Shadowserver Foundation observed exploitation attempts against CVE-2024-4885 (CVSS score: 9.8), another critical flaw in WhatsUp Gold, which Progress Software had patched in June 2024.
Customers using WhatsUp Gold are strongly encouraged to apply the latest security updates immediately to mitigate the risk of potential attacks.
September 28, 2024
September 28, 2024
September 28, 2024
September 23, 2024
September 03, 2024
© 2016 - 2025 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067
