Progress WhatsUp Gold Vulnerabilities – Attackers Inject SQL Instructions

The Progress WhatsUp Gold staff confirmed the existence of vital vulnerabilities in all variations of their software program launched earlier than 2024.0.0.

If exploited, these vulnerabilities might enable attackers to inject SQL instructions, posing vital safety dangers to customers.

Though there have been no studies of those vulnerabilities being exploited within the wild, the corporate is urging all prospects to improve to the newest model instantly.

CVE-2024-6670 (WUG-16138) – CVSS Rating: 9.8

One of the crucial extreme vulnerabilities, CVE-2024-6670, impacts WhatsUp Gold variations launched earlier than 2024.0.0.

This SQL Injection vulnerability might be exploited if the applying is configured with just one person.

An unauthenticated attacker might retrieve the person’s encrypted password, resulting in unauthorized entry.

The vulnerability was found by Sina Kheirkhah (@SinSinology) of the Summoning Crew (@SummoningTeam), which collaborates with the Development Micro Zero Day Initiative. The excessive CVSS rating of 9.8 displays its vital nature.

Are You From SOC/DFIR Groups? - Attempt Superior Malware and Phishing Evaluation With ANY.RUN -14-day free trial

CVE-2024-6671 (WUG-16139) – CVSS Rating: 9.8

Just like CVE-2024-6670, CVE-2024-6671 additionally entails a SQL Injection vulnerability in WhatsUp Gold variations earlier than 2024.0.0.

This flaw permits an unauthenticated attacker to retrieve the person’s encrypted password when the applying is configured with a single person.

Once more, Sina Kheirkhah and the Summoning Crew had been credited with this vulnerability, highlighting the continued collaboration with safety researchers to determine and mitigate potential dangers.

CVE-2024-6672 (WUG-16142) – CVSS Rating: 8.8

CVE-2024-6672 presents a barely totally different menace. On this case, an authenticated low-privileged attacker might exploit a SQL Injection vulnerability to realize privilege escalation by modifying a privileged person’s password.

Whereas barely much less vital than the earlier two, this vulnerability nonetheless poses a big danger to system integrity and safety.

The invention of this vulnerability additionally comes from the efforts of Sina Kheirkhah and the Summoning Crew, emphasizing the significance of exterior safety analysis in sustaining software program safety.

Pressing Name to Motion

Progress strongly encourages all WhatsUp Gold prospects operating variations older than 2024.0.0 to improve their methods instantly.

The improve course of is simple, usually taking half-hour or much less, and is out there freed from cost to prospects with an energetic service settlement.

Progress provides help by its Buyer Help and Skilled Companies groups. Clients with an energetic service settlement or subscription can contact Progress Technical Help.

These with out an energetic settlement are suggested to contact Progress Gross sales to reinstate their license.

Progress is paramountly involved concerning the safety of WhatsUp Gold customers. The corporate has taken swift motion to deal with these vulnerabilities and proactively notifies prospects to mitigate potential dangers.

By upgrading to the newest model, customers can guarantee their methods stay safe in opposition to these recognized threats.

Defend Your Enterprise with Cynet Managed All-in-One Cybersecurity Platform – Attempt Free Trial