Vulnerabilities > Progress

DATE CVE VULNERABILITY TITLE RISK

2024-04-02 CVE-2024-2389 OS Command Injection vulnerability in Progress Flowmon
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
network, low complexity, progress CWE-78, critical 9.8

2024-03-22 CVE-2024-2448 OS Command Injection vulnerability in Progress Loadmaster 7.1.35.10/7.2.48.10
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.
network, low complexity, progress CWE-78, 8.8

2024-03-22 CVE-2024-2449 Cross-Site Request Forgery (CSRF) vulnerability in Progress Loadmaster 7.1.35.10/7.2.48.10
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site.
network, high complexity, progress CWE-352, 7.5

2024-03-20 CVE-2024-2291 Unspecified vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.
network, low complexity, progress, 4.3

2024-03-20 CVE-2024-1800 Deserialization of Untrusted Data vulnerability in Progress Telerik Report Server
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
network, low complexity, progress CWE-502, 8.8

2024-03-20 CVE-2024-1801 Deserialization of Untrusted Data vulnerability in Progress Telerik Reporting
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
local, low complexity, progress CWE-502, 7.8

2024-03-20 CVE-2024-1856 Deserialization of Untrusted Data vulnerability in Progress Telerik Reporting
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.
network, low complexity, progress CWE-502, 8.8

2024-02-28 CVE-2024-1632 Unspecified vulnerability in Progress Sitefinity
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
network, low complexity, progress, 6.5

2024-02-28 CVE-2024-1636 Cross-site Scripting vulnerability in Progress Sitefinity
Potential Cross-Site Scripting (XSS) in the page editing area.
network, low complexity, progress CWE-79, 5.4

2024-02-27 CVE-2024-1403 Unspecified vulnerability in Progress Openedge
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password.
network, low complexity, progress, critical 9.8