Vulnerabilities > Progress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-25 | CVE-2024-5008 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. | 8.8 |
| 2024-06-25 | CVE-2024-5009 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. | 8.4 |
| 2024-06-25 | CVE-2024-5010 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. | 7.5 |
| 2024-06-25 | CVE-2024-5011 | Resource Exhaustion vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service. | 7.5 |
| 2024-06-25 | CVE-2024-5805 | Improper Authentication vulnerability in Progress Moveit Gateway 2024.0 Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0. | 9.1 |
| 2024-06-25 | CVE-2024-5806 | Unspecified vulnerability in Progress Moveit Transfer Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. | 9.8 |
| 2024-06-16 | CVE-2023-27636 | Cross-site Scripting vulnerability in Progress Sitefinity Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | 5.4 |
| 2024-05-22 | CVE-2024-4563 | Unspecified vulnerability in Progress Moveit Automation The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. | 7.5 |
| 2024-05-15 | CVE-2024-4200 | Deserialization of Untrusted Data vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | 7.8 |
| 2024-05-15 | CVE-2024-4202 | Code Injection vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. | 8.6 |