REDLEGG BLOG

Emergency Security Bulletin - WhatsUp Gold Unauthorized Access via Public API

1/7/25 12:20 PM  |  by RedLegg Blog

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify as the highest severity level and that warrant out-of-band emergency patching or mitigation action.

RedLegg will include a brief description of the vulnerability, whether or not an active exploit or POC exists, and a link to an update, if one exists. If no update exists, there will be remediation or mitigation suggestions to limit each vulnerability's risk.

VULNERABILITIES

Unauthorized Access via Public API in WhatsUp Gold

CVSS Score: 9.6 (Critical)
Identifier: CVE-2024-12108
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2024-12108 – Progress Software Security Advisory

Description: CVE-2024-12108 is a critical vulnerability in WhatsUp Gold versions released before 2024.0.2. This flaw allows attackers to gain unauthorized access to the WhatsUp Gold server via the public API, potentially leading to unauthorized actions within the application.

Mitigation Recommendation: Patching is currently the only method of mitigation. Please update to WhatsUp Gold version 2024.0.2 or later, as listed in the Progress Software Security Advisory. Immediate patching is recommended to prevent potential exploitation.
