When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
To gain this access, the attackers would need to craft a custom API request.
Users are advised to apply the released patch immediately.
Progress has since been alerted of the discovery, and released a patch.
Flowmon versions 12.x and 11.x are all vulnerable.
First patched versions are 12.3.5 and 11.1.14.
Those with automatic updates enabled will have gotten the patch already.
Those who opted for manual updates need to go to the vendors download center.
After applying the patch, Progress recommends upgrading all Flowmon modules, too.
Some search engines show about 500 exposed servers, while others see fewer than 100 instances.
So far, there is no evidence of abuse in the wild.
