Vulnerabilities > Progress
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-25 | CVE-2024-5011 | Resource Exhaustion vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service. | 7.5 |
2024-06-25 | CVE-2024-5805 | Improper Authentication vulnerability in Progress Moveit Gateway 2024.0 Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0. | 9.1 |
2024-06-16 | CVE-2023-27636 | Cross-site Scripting vulnerability in Progress Sitefinity Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | 5.4 |
2024-05-14 | CVE-2024-4561 | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. | 5.3 |
2024-05-14 | CVE-2024-4562 | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.2 , an SSRF vulnerability exists in Whatsup Gold's Issue exists in the HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, what leads to the Server Side Request Forgery. | 5.4 |
2024-02-28 | CVE-2024-1632 | Unspecified vulnerability in Progress Sitefinity Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. | 6.5 |
2024-02-28 | CVE-2024-1636 | Cross-site Scripting vulnerability in Progress Sitefinity Potential Cross-Site Scripting (XSS) in the page editing area. | 5.4 |
2024-02-21 | CVE-2024-1212 | OS Command Injection vulnerability in Progress Loadmaster Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. | 9.8 |
2024-01-31 | CVE-2024-0219 | Unspecified vulnerability in Progress Telerik Justdecompile 2019.1.118.0 In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | 7.8 |
2024-01-31 | CVE-2024-0832 | Unspecified vulnerability in Progress Telerik Reporting In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | 7.8 |