Vulnerabilities > Progress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2023-24029 | Incorrect Authorization vulnerability in Progress WS FTP Server In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | 7.2 |
| 2022-10-12 | CVE-2022-42711 | Cross-site Scripting vulnerability in Progress Whatsup Gold In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. | 9.6 |
| 2022-08-02 | CVE-2022-36967 | Cross-site Scripting vulnerability in Progress Ipswitch WS FTP Server In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. | 6.1 |
| 2022-08-02 | CVE-2022-36968 | Cross-Site Request Forgery (CSRF) vulnerability in Progress Ipswitch WS FTP Server In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | 4.3 |
| 2022-05-11 | CVE-2022-29845 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0 In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. | 6.5 |
| 2022-05-11 | CVE-2022-29846 | Unspecified vulnerability in Progress Whatsup Gold In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. | 5.3 |
| 2022-05-11 | CVE-2022-29847 | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0 In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. | 7.5 |
| 2022-05-11 | CVE-2022-29848 | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. | 6.5 |
| 2022-05-02 | CVE-2022-29849 | Unspecified vulnerability in Progress Openedge In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. | 7.8 |
| 2021-09-28 | CVE-2021-41318 | Cross-site Scripting vulnerability in Progress Whatsupgold In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. | 6.1 |