Vulnerabilities > Progress

DATE CVE VULNERABILITY TITLE RISK
2024-12-02 CVE-2024-46905 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.
network
low complexity
progress
8.8
2024-12-02 CVE-2024-46906 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
network
low complexity
progress
8.8
2024-12-02 CVE-2024-46907 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
network
low complexity
progress
8.8
2024-12-02 CVE-2024-46908 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
network
low complexity
progress
8.8
2024-12-02 CVE-2024-46909 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
network
low complexity
progress
critical
9.8
2024-12-02 CVE-2024-8785 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
network
low complexity
progress
5.3
2024-11-13 CVE-2024-7295 Use of Hard-coded Credentials vulnerability in Progress Telerik Report Server
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
local
low complexity
progress CWE-798
6.2
2024-11-13 CVE-2024-8049 Unspecified vulnerability in Progress Telerik Document Processing Libraries
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.
network
low complexity
progress
6.5
2024-10-24 CVE-2024-7763 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.
network
low complexity
progress
7.5
2024-10-09 CVE-2024-7292 Improper Restriction of Excessive Authentication Attempts vulnerability in Progress Telerik Report Server
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
network
low complexity
progress CWE-307
8.8