September 27, 2024 at 08:02AM
Progress Software recently identified and warned customers about six vulnerabilities in WhatsUp Gold, urging them to upgrade to version 24.0.1 to address these issues. The vulnerabilities, including SQL injection and remote code execution flaws, were reported by various security researchers and have been exploited by attackers. Progress has released patches but has yet to provide detailed information.
Progress Software’s WhatsUp Gold network monitoring tool is affected by several critical and high-severity vulnerabilities. Customers are urged to patch them by upgrading to version 24.0.1, which was released on September 20. The vulnerabilities were reported by various security researchers and assigned CVE IDs with corresponding CVSS base scores.
BleepingComputer asked Progress for more details about these flaws, but a response was not immediately available.
Attackers have been exploiting two SQL injection vulnerabilities in WhatsUp Gold, which were patched on August 16 after being reported by security researcher Sina Kheirkhah. Kheirkhah released proof-of-concept (PoC) exploit code for these vulnerabilities, which attackers have allegedly used to bypass authentication and achieve remote code execution.
Exploitation attempts have also been observed for another critical vulnerability in WhatsUp Gold, which was disclosed in June and later detailed by Kheirkhah on his blog.