Vulnerabilities > Progress

DATE CVE VULNERABILITY TITLE RISK
2024-06-16 CVE-2023-27636 Cross-site Scripting vulnerability in Progress Sitefinity
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
network
low complexity
progress CWE-79
5.4
2024-05-22 CVE-2024-4563 Unspecified vulnerability in Progress Moveit Automation
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length.
network
low complexity
progress
7.5
2024-05-15 CVE-2024-4200 Deserialization of Untrusted Data vulnerability in Progress Telerik Reporting
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
local
low complexity
progress CWE-502
7.8
2024-05-15 CVE-2024-4202 Code Injection vulnerability in Progress Telerik Reporting
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
local
low complexity
progress CWE-94
8.6
2024-05-15 CVE-2024-4357 XXE vulnerability in Progress Telerik Reporting
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, that allows a low-privilege attacker to read system files via XML External Entity processing.
network
low complexity
progress CWE-611
6.5
2024-05-15 CVE-2024-4837 Unspecified vulnerability in Progress Telerik Report Server
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.
network
low complexity
progress
5.3
2024-05-14 CVE-2024-4561 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in WhatsUp Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.
network
low complexity
progress CWE-918
5.3
2024-05-14 CVE-2024-4562 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.2, an SSRF vulnerability exists in WhatsUp Gold's HTTP Monitoring functionality. Due to the lack of proper authorization, any authenticated user can access the HTTP monitoring functionality, which leads to Server-Side Request Forgery.
network
low complexity
progress CWE-918
5.4
2024-05-02 CVE-2024-3544 Unspecified vulnerability in Progress Loadmaster
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group.
high complexity
progress
7.5
2024-05-02 CVE-2024-3543 Insufficiently Protected Credentials vulnerability in Progress Loadmaster 7.2.48.11
Use of a reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, and stolen credentials can be used for arbitrary actions to corrupt the system.
network
low complexity
progress CWE-522
7.5