Vulnerabilities > Progress

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-6671 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
9.8
2024-08-29 CVE-2024-6672 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.
network
low complexity
progress CWE-89
8.8
2024-08-28 CVE-2024-7744 Path Traversal vulnerability in Progress WS FTP Server
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.   An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)
network
low complexity
progress CWE-22
6.5
2024-08-28 CVE-2024-7745 Improper Authentication vulnerability in Progress WS FTP Server
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
network
low complexity
progress CWE-287
8.1
2024-07-24 CVE-2024-6096 Unsafe Reflection vulnerability in Progress Telerik Reporting
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
network
low complexity
progress CWE-470
critical
9.8
2024-07-24 CVE-2024-6327 Deserialization of Untrusted Data vulnerability in Progress Telerik Report Server
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
network
low complexity
progress CWE-502
critical
9.8
2024-06-25 CVE-2024-5012 Improper Authentication vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials.
network
low complexity
progress CWE-287
8.6
2024-06-25 CVE-2024-5013 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible.
network
low complexity
progress
7.5
2024-06-25 CVE-2024-5014 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature.
network
low complexity
progress CWE-918
6.5
2024-06-25 CVE-2024-5015 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability.
network
low complexity
progress CWE-918
8.8