Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Progress warns WhatsUp Gold has some critical security flaws, so patch now

Representational image depecting cybersecurity protection.

WhatsUp Gold, a network monitoring solution built by Progress Software, carried numerous critical and high-severity vulnerabilities, which placed its users at great risk of different cyberattacks. The flaws were recently addressed, and the company urged the users to apply the fixes immediately.

Progress recently published a new security advisory in which it warned WhatsUp Gold users of the flaws and announced the release of the patch.

The advisory, however, does not discuss what the flaws are or how they might have been abused.

Adding a chip to the cartridge

The flaws are listed as:

CVE-2024-46905: CVSS 8.8/10
CVE-2024-46906: CVSS 8.8/10
CVE-2024-46907: CVSS 8.8/10
CVE-2024-46908: CVSS 8.8/10
CVE-2024-46909: CVSS 9.8/10
CVE-2024-8785: CVSS 9.8/10

In total, there were six vulnerabilities, two of which are rated critical - 9.8/10.

Progress Software said that the first fixed version is 24.0.1:

"The WhatsUp Gold team has identified six vulnerabilities that exist in versions below 24.0.1," the advisory reads. "We are reaching out to all WhatsUp Gold customers to upgrade their environment as soon as possible to version 24.0.1, released on Friday, September 20. If you are running a version older than 24.0.1 and you do not upgrade, your environment will remain vulnerable."

WhatsUp Gold is a network monitoring software designed to provide comprehensive visibility into an organization’s IT infrastructure. It enables users to monitor devices, applications, servers, and network traffic in real time, helping to quickly identify and resolve performance issues.

To install the latest version, visit Progress’ product list page, download the latest version, and run it on your WhatsUp Gold server. After that, just follow the prompts. Since there are no details about the flaws, we don’t know if they have been abused in the wild already.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.