Security News > 2024 > September > Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw
2024-09-13 11:04

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks. The activity is said to have commenced on August 30, 2024, a mere five hours after a PoC was released for CVE-2024-6670 (CVSS score: 9.8) by security researcher Sina Kheirkhah of the Summoning Team, who


News URL

https://thehackernews.com/2024/09/progress-whatsup-gold-exploited-just.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-6670 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Progress 28 0 56 50 31 137