Progress Software Corporation, a global provider of products to develop, deploy, and manage high-impact business applications, has issued a critical security bulletin for its WhatsUp Gold network monitoring software. The bulletin details three vulnerabilities that could allow attackers to gain unauthorized access to WhatsUp Gold servers, configure LDAP settings, and disclose sensitive information.
The most severe vulnerability (CVE-2024-12108) has a CVSS score of 9.6 and allows attackers to gain complete control of the WhatsUp Gold server via the public API. The second vulnerability (CVE-2024-12106, CVSS 9.4) enables unauthenticated attackers to configure LDAP settings, potentially leading to unauthorized access and data breaches. The third vulnerability (CVE-2024-12105, CVSS 6.5) allows authenticated users to extract sensitive information through specially crafted HTTP requests.
These vulnerabilities, if left unaddressed, could lead to severe security breaches, including unauthorized access, data manipulation, and sensitive information disclosure. The high CVSS scores for CVE-2024-12108 and CVE-2024-12106 underscore the critical nature of the threats.
Progress strongly advises all WhatsUp Gold users to immediately upgrade their environments to version 24.0.2, which includes patches for all three vulnerabilities. Users can download the updated installer from the Progress community website and follow the provided instructions to upgrade their WhatsUp Gold server.