---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Multiple Vulnerabilities in WhatsUp Gold'
number: '2024-105'
version: '1.0'
original_date: 'September 24, 2024'
date: 'September 27, 2024'
---

_History:_

* _27/09/2024 --- v1.0 -- Initial publication_

# Summary

On September 24, 2024, the WhatsUp Gold team released a security advisory addressing six vulnerabilities of various severities, the most critical reaching the score of 9.8 out of 10 [1].

# Technical Details

No technical details have been release at this time, but the following vulnerabilities have been listed by the WhatsUp Gold team in their security bulletin [1]:

- **CVE-2024-46905**: CVSS 8.8/10 (reported by Sina Kheirkhah)
- **CVE-2024-46906**: CVSS 8.8/10 (reported by Sina Kheirkhah)
- **CVE-2024-46907**: CVSS 8.8/10 (reported by Sina Kheirkhah)
- **CVE-2024-46908**: CVSS 8.8/10 (reported by Sina Kheirkhah)
- **CVE-2024-46909**: CVSS 9.8/10 (reported by Andy Niu)
- **CVE-2024-8785**: CVSS 9.8/10 (reported by Tenable)

# Affected Products

All WhatsUp Gold versions below 24.0.1.

# Recommendations

CERT-EU strongly recommends updating affected devices as soon as possible [1].

# References

[1] <https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024>