WhatsUp Gold product security update advisory
Overview
An update has been released to address vulnerabilities in WhatsUp Gold. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-5009, CVE-2024-4885
- WhatsUp Gold versions: earlier than 23.1.3 (23.1.3 itself excluded)
Resolved Vulnerabilities
Improper access control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify the administrator’s password (CVE-2024-5009)
WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows commands to be executed with iisapppool\nmconsole privileges, allowing unauthenticated remote code execution (CVE-2024-4885)
Vulnerability Patches
Patches for these vulnerabilities were made available in the June 24, 2024 update, as follows. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-5009, CVE-2024-4885
- WhatsUp Gold version: 23.1.3
Referenced Sites
[1] CVE-2024-5009 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-5009
[2] WhatsUp Gold Security Bulletin- June 2024
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024
[3] CVE-2024-4885 Detail