Vulnerabilities > Progress > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-03 | CVE-2024-7345 | Code Injection vulnerability in Progress Openedge Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms | 9.6 |
| 2024-08-29 | CVE-2024-6670 | SQL Injection vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | 9.8 |
| 2024-08-29 | CVE-2024-6671 | SQL Injection vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | 9.8 |
| 2024-07-24 | CVE-2024-6096 | Unsafe Reflection vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 9.8 |
| 2024-07-24 | CVE-2024-6327 | Deserialization of Untrusted Data vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. | 9.8 |
| 2024-06-25 | CVE-2024-4883 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. | 9.8 |
| 2024-06-25 | CVE-2024-4884 | Command Injection vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges. | 9.8 |
| 2024-06-25 | CVE-2024-4885 | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. | 9.8 |
| 2024-06-25 | CVE-2024-5805 | Improper Authentication vulnerability in Progress Moveit Gateway 2024.0 Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0. | 9.1 |
| 2024-02-21 | CVE-2024-1212 | OS Command Injection vulnerability in Progress Loadmaster Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. | 9.8 |