Progress Software has issued a critical security bulletin for its WhatsUp Gold network monitoring software, addressing three vulnerabilities with severe implications. The most critical, CVE-2024-12108 (CVSS 9.6), allows attackers to fully control the server via a public API, while CVE-2024-12106 (CVSS 9.4) enables unauthorized LDAP configuration, and CVE-2024-12105 (CVSS 6.5) permits authenticated users to extract sensitive information. Progress urges users to immediately upgrade to version 24.0.2, which patches these vulnerabilities, ensuring protection against unauthorized access and data breaches.

‍