All WhatUp Gold old versions are compromised and user credentials are exploited

All WhatUp Gold old versions are compromised and user credentials are exploited.

WhatsUp Gold streamlines network monitoring workflows by letting you initiate management tools directly from the interactive map. It manages networks, traffic, physical servers, VMs and applications with easy-to-use and customizable maps, dashboards and alerts. 

Using this we can switch between physical, virtual, wireless, and dependency views to resolve DevOps monitoring issues or activities quickly.

It is used by the DevOps or networking team in the major organizations across the globe.

SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.

This can allow an attacker to view data that they are not normally able to retrieve.

This might include data that belongs to other users, or any other data that the application can access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behaviour.

All old version of the WhatsUp Gold have a SQL Injection vulnerability which allows an unauthenticated attacker to retrieve the user’s encrypted password.  WhatsUp Gold authentication to exploit the Active Monitor PowerShell Script and ultimately download various remote access tools for gaining persistence on the Windows host.

Hence it is recommended for all the organization customer of WhatUp Gold utilizing in their network, and DevOps Teams to upgrade their WhatsUp Gold versions to 2024.0.0

#Network, #SQL Injection, #WhatUp Gold, #Microsoft Windows Server 2016,  #Microsoft Windows Server 2019, #Microsoft Windows Server 2022,