- 189/2024
- Critical
Progress has released a security update to address several vulnerabilities affecting WhatsUp Gold 23.1.2 and all older versions.
The addressed vulnerability could allow the remote attacker to bypass security restrictions, perform denial of services attacks, gain elevated privileges, obtain sensitive information, upload arbitrary files, or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Progress Software Corporation WhatsUp Gold Code Execution Vulnerability (CVE-2024-4883):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Progress Software Corporation WhatsUp Gold Denial of Service Vulnerability (CVE-2024-5011):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2024-4883
- CVE-2024-4884
- CVE-2024-4885
- CVE-2024-5008
- CVE-2024-5009
- CVE-2024-5010
- CVE-2024-5011
- CVE-2024-5012
- CVE-2024-5013
- CVE-2024-5014
- CVE-2024-5015
- CVE-2024-5016
- CVE-2024-5017
- CVE-2024-5018
- CVE-2024-5019
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.