Summary
A number of security vulnerabilities, including three with ‘critical’ severity, were found in Progress’ WhatsUp Gold product, software for monitoring IT infrastructures.
Risk
Estimated impact of the vulnerability on the target community: MEDIUM/LOW (60/100)1.
Type
- Arbitrary File Write
- Denial of Service
- Information Disclosure
- Privilege Escalation
- Remote Code Execution
Affected Products and Versions
Progress WhatsUp Gold, version 23.1.2 and earlier
Mitigation Actions
In line with vendor statements, it is recommended that vulnerable products be updated by following the security bulletin in the References section.
Unique Vulnerability Identifiers
Below are only the CVEs relating to vulnerabilities with ‘critical’ and ‘high’ severity:
References
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoCs, prevalence of affected software/devices in the target community.
