Vulnerabilities > Progress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-05 | CVE-2023-36933 | Improper Handling of Exceptional Conditions vulnerability in Progress Moveit Transfer In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. | 7.5 |
| 2023-07-05 | CVE-2023-36934 | SQL Injection vulnerability in Progress Moveit Transfer In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. | 9.1 |
| 2023-06-23 | CVE-2023-34203 | Injection vulnerability in Progress Openedge, Openedge Explorer and Openedge Management In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. | 8.8 |
| 2023-06-23 | CVE-2023-35759 | Cross-site Scripting vulnerability in Progress Whatsup Gold In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. | 6.1 |
| 2023-06-16 | CVE-2023-35708 | SQL Injection vulnerability in Progress Moveit Transfer In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. | 9.8 |
| 2023-06-12 | CVE-2023-35036 | SQL Injection vulnerability in Progress Moveit Transfer In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. | 9.1 |
| 2023-06-09 | CVE-2023-34363 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Progress Datadirect Odbc Oracle Wire Protocol Driver An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. | 5.9 |
| 2023-06-09 | CVE-2023-34364 | Out-of-bounds Write vulnerability in Progress Datadirect Odbc Oracle Wire Protocol Driver A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. | 9.8 |
| 2023-06-02 | CVE-2023-34362 | SQL Injection vulnerability in Progress Moveit Cloud and Moveit Transfer In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. | 9.8 |
| 2023-04-21 | CVE-2023-26100 | Cross-site Scripting vulnerability in Progress Flowmon OS In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. | 6.1 |