1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Progress warns WhatsUp Gold has some critical security flaws, so

    From TechnologyDaily@1337:1/100 to All on Mon Sep 30 16:30:06 2024
    Progress warns WhatsUp Gold has some critical security flaws, so patch now

    Date:
    Mon, 30 Sep 2024 15:25:00 +0000

    Description:
    Six high-severity and critical vulnerabilities were addressed last week, but Progress isn't sharing specific details.

    FULL STORY ======================================================================

    WhatsUp Gold, a network monitoring solution built by Progress Software, carried numerous critical and high-severity vulnerabilities, which placed its users at great risk of different cyberattacks. The flaws were recently addressed, and the company urged the users to apply the fixes immediately.

    Progress recently published a new security advisory in which it warned
    WhatsUp Gold users of the flaws and announced the release of the patch.

    The advisory, however, does not discuss what the flaws are or how they might have been abused. Adding a chip to the cartridge

    The flaws are listed as:

    CVE-2024-46905: CVSS 8.8/10
    CVE-2024-46906: CVSS 8.8/10
    CVE-2024-46907: CVSS 8.8/10
    CVE-2024-46908: CVSS 8.8/10
    CVE-2024-46909: CVSS 9.8/10
    CVE-2024-8785: CVSS 9.8/10

    In total, there were six vulnerabilities, two of which are rated critical - 9.8/10.

    Progress Software said that the first fixed version is 24.0.1:

    "The WhatsUp Gold team has identified six vulnerabilities that exist in versions below 24.0.1," the advisory reads. "We are reaching out to all WhatsUp Gold customers to upgrade their environment as soon as possible to version 24.0.1, released on Friday, September 20. If you are running a
    version older than 24.0.1 and you do not upgrade, your environment will
    remain vulnerable."

    WhatsUp Gold is a network monitoring software designed to provide comprehensive visibility into an organizations IT infrastructure. It enables users to monitor devices, applications, servers, and network traffic in real time, helping to quickly identify and resolve performance issues.

    To install the latest version, visit Progress product list page , download
    the latest version, and run it on your WhatsUp Gold server. After that, just follow the prompts. Since there are no details about the flaws, we dont know if they have been abused in the wild already.

    Via BleepingComputer More from TechRadar Pro Progress warns Telerik Report Server has a critical security bug Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/progress-warns-whatsup-gold-has-some-cr itical-security-flaws-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)