Vulnerabilities > Progress

DATE CVE VULNERABILITY TITLE RISK
2023-12-14 CVE-2023-6595 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism.
network
low complexity
progress
5.3
2023-11-29 CVE-2023-6217 Cross-site Scripting vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer.  An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment.
network
low complexity
progress CWE-79
6.1
2023-11-29 CVE-2023-6218 Improper Privilege Management vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified.  It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator.
network
low complexity
progress CWE-269
7.2
2023-11-07 CVE-2023-42659 Unrestricted Upload of File with Dangerous Type vulnerability in Progress WS FTP Server
In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified.
network
low complexity
progress CWE-434
8.8
2023-09-27 CVE-2023-40048 Cross-Site Request Forgery (CSRF) vulnerability in Progress WS FTP Server
In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.
network
low complexity
progress CWE-352
6.5
2023-09-27 CVE-2023-40049 Unspecified vulnerability in Progress WS FTP Server
In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.
network
low complexity
progress
5.3
2023-09-27 CVE-2023-42657 Path Traversal vulnerability in Progress WS FTP Server
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.  An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path.  Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
network
low complexity
progress CWE-22
critical
9.6
2023-09-27 CVE-2023-40044 Deserialization of Untrusted Data vulnerability in Progress WS FTP Server
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.  
network
low complexity
progress CWE-502
8.8
2023-09-27 CVE-2023-40045 Cross-site Scripting vulnerability in Progress WS FTP Server
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module.  An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser.
network
low complexity
progress CWE-79
6.1
2023-09-27 CVE-2023-40046 SQL Injection vulnerability in Progress WS FTP Server
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface.
network
low complexity
progress CWE-89
7.2