Vulnerabilities > Progress

DATE CVE VULNERABILITY TITLE RISK
2024-06-25 CVE-2024-5011 Resource Exhaustion vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.
network
low complexity
progress CWE-400
7.5
2024-06-25 CVE-2024-5805 Improper Authentication vulnerability in Progress Moveit Gateway 2024.0
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0.
network
low complexity
progress CWE-287
critical
9.1
2024-06-16 CVE-2023-27636 Cross-site Scripting vulnerability in Progress Sitefinity
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
network
low complexity
progress CWE-79
5.4
2024-05-14 CVE-2024-4561 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.
network
low complexity
progress CWE-918
5.3
2024-05-14 CVE-2024-4562 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality.  Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery.
network
low complexity
progress CWE-918
5.4
2024-02-28 CVE-2024-1632 Unspecified vulnerability in Progress Sitefinity
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
network
low complexity
progress
6.5
2024-02-28 CVE-2024-1636 Cross-site Scripting vulnerability in Progress Sitefinity
Potential Cross-Site Scripting (XSS) in the page editing area.
network
low complexity
progress CWE-79
5.4
2024-02-21 CVE-2024-1212 OS Command Injection vulnerability in Progress Loadmaster
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
network
low complexity
progress CWE-78
critical
9.8
2024-01-31 CVE-2024-0219 Unspecified vulnerability in Progress Telerik Justdecompile 2019.1.118.0
In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
local
low complexity
progress
7.8
2024-01-31 CVE-2024-0832 Unspecified vulnerability in Progress Telerik Reporting
In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.
local
low complexity
progress
7.8