Vulnerabilities > Progress > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-25 CVE-2024-5805 Improper Authentication vulnerability in Progress Moveit Gateway 2024.0
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0.
network
low complexity
progress CWE-287
critical
9.1
2024-06-25 CVE-2024-5806 Unspecified vulnerability in Progress Moveit Transfer
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
network
low complexity
progress
critical
9.8
2024-04-02 CVE-2024-2389 OS Command Injection vulnerability in Progress Flowmon
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
network
low complexity
progress CWE-78
critical
9.8
2024-02-27 CVE-2024-1403 Unspecified vulnerability in Progress Openedge
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The vulnerability is a bypass to authentication based on a failure to properly handle username and password.
network
low complexity
progress
critical
9.8
2024-02-21 CVE-2024-1212 OS Command Injection vulnerability in Progress Loadmaster
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
network
low complexity
progress CWE-78
critical
9.8
2024-01-18 CVE-2023-40051 Unrestricted Upload of File with Dangerous Type vulnerability in Progress Openedge and Openedge Innovation
This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE.
network
low complexity
progress CWE-434
critical
9.9
2023-09-27 CVE-2023-42657 Path Traversal vulnerability in Progress WS FTP Server
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered.  An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path.  Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system.
network
low complexity
progress CWE-22
critical
9.6
2023-07-05 CVE-2023-36934 SQL Injection vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.
network
low complexity
progress CWE-89
critical
9.1
2023-06-16 CVE-2023-35708 SQL Injection vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database.
network
low complexity
progress CWE-89
critical
9.8
2023-06-12 CVE-2023-35036 SQL Injection vulnerability in Progress Moveit Transfer
In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database.
network
low complexity
progress CWE-89
critical
9.1