CVE-2024-4885: Active Exploitation of Critical WhatsUp Gold RCE Flaw
Red | Vulnerability Report
Download PDFMultiple critical security flaws in Progress Software’s WhatsUp Gold, particularly CVE-2024-4885, are being actively exploited. This flaw, present in versions before 23.1.3, allows unauthenticated remote code execution due to inadequate input validation in the GetFileWithoutZip function. A proof-of-concept exploit is publicly available, and Progress Software has released fixes, users are strongly urged to update to the latest version and restrict access to vulnerable endpoints.
What’s new on HivePro
Get through updates and upcoming events, and more directly in your inbox