Vulnerabilities > Progress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-24 | CVE-2024-6096 | Unsafe Reflection vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 9.8 |
| 2024-07-24 | CVE-2024-6327 | Deserialization of Untrusted Data vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. | 9.8 |
| 2024-06-25 | CVE-2024-5012 | Improper Authentication vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. | 8.6 |
| 2024-06-25 | CVE-2024-5013 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application non-accessible. | 7.5 |
| 2024-06-25 | CVE-2024-5014 | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. | 6.5 |
| 2024-06-25 | CVE-2024-5015 | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. | 8.8 |
| 2024-06-25 | CVE-2024-5016 | Deserialization of Untrusted Data vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients. | 7.2 |
| 2024-06-25 | CVE-2024-5017 | Path Traversal vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure. | 6.5 |
| 2024-06-25 | CVE-2024-5018 | Path Traversal vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. | 7.5 |
| 2024-06-25 | CVE-2024-5019 | Path Traversal vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. | 7.5 |