Vulnerabilities > Progress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-11629 | Files or Directories Accessible to External Parties vulnerability in Progress Telerik Document Processing Libraries In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF. | 6.5 |
| 2025-02-12 | CVE-2024-11343 | Path Traversal vulnerability in Progress Telerik Document Processing Libraries In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. | 8.8 |
| 2025-02-12 | CVE-2025-0556 | Cleartext Transmission of Sensitive Information vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing. | 6.5 |
| 2024-12-31 | CVE-2024-12105 | Path Traversal vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | 6.5 |
| 2024-12-31 | CVE-2024-12106 | Missing Authentication for Critical Function vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | 7.5 |
| 2024-12-31 | CVE-2024-12108 | Authentication Bypass by Spoofing vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | 9.6 |
| 2024-12-02 | CVE-2024-46905 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-12-02 | CVE-2024-46906 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-12-02 | CVE-2024-46907 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |
| 2024-12-02 | CVE-2024-46908 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 |