September 27, 2024 at 12:42PM
Progress Software has addressed six security flaws in WhatsUp Gold, including two critical vulnerabilities, through updates in version 24.0.1. The CVE identifiers for the flaws and their respective CVSS scores have been listed. Security researcher Sina Kheirkhah and others have been credited with discovering and reporting the flaws. Users are advised to apply the latest fixes promptly.
Key takeaways from the meeting notes:
– Progress Software has released version 24.0.1 on September 20, 2024, to address six security flaws in WhatsUp Gold, including two critical vulnerabilities.
– The six flaws are identified by the following CVEs: 2024-46905, 2024-46906, 2024-46907, 2024-46908, 2024-46909, and 2024-8785.
– Security researcher Sina Kheirkhah of Summoning Team discovered and reported the first four flaws, while Andy Niu of Trend Micro was acknowledged for CVE-2024-46909, and Tenable has been credited for CVE-2024-8785.
– Trend Micro reported that threat actors are actively exploiting proof-of-concept (PoC) exploits for other recently disclosed security flaws in WhatsUp Gold to conduct opportunistic attacks.
– Previously, the Shadowserver Foundation observed exploitation attempts against CVE-2024-4885, another critical bug in WhatsUp Gold, which was resolved by Progress in June 2024.
– WhatsUp Gold customers are advised to apply the latest fixes promptly to mitigate potential threats.
Let me know if you need further information or details.