Vulnerabilities > Progress > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-12-02 CVE-2024-46909 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
network
low complexity
progress
critical
9.8
2024-09-03 CVE-2024-7345 Code Injection vulnerability in Progress Openedge
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
low complexity
progress CWE-94
critical
9.6
2024-08-29 CVE-2024-6670 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
9.8
2024-08-29 CVE-2024-6671 SQL Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
network
low complexity
progress CWE-89
critical
9.8
2024-07-24 CVE-2024-6096 Unsafe Reflection vulnerability in Progress Telerik Reporting
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability.
network
low complexity
progress CWE-470
critical
9.8
2024-07-24 CVE-2024-6327 Deserialization of Untrusted Data vulnerability in Progress Telerik Report Server
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability.
network
low complexity
progress CWE-502
critical
9.8
2024-06-25 CVE-2024-4883 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold.
network
low complexity
progress
critical
9.8
2024-06-25 CVE-2024-4884 Command Injection vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.
network
low complexity
progress CWE-77
critical
9.8
2024-06-25 CVE-2024-4885 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
network
low complexity
progress
critical
9.8
2024-06-25 CVE-2024-5805 Improper Authentication vulnerability in Progress Moveit Gateway 2024.0
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0.
network
low complexity
progress CWE-287
critical
9.1