Vulnerabilities > Progress > High

DATE CVE VULNERABILITY TITLE RISK
2024-12-02 CVE-2024-46905 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.
network
low complexity
progress
8.8
2024-12-02 CVE-2024-46906 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
network
low complexity
progress
8.8
2024-12-02 CVE-2024-46907 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
network
low complexity
progress
8.8
2024-12-02 CVE-2024-46908 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
network
low complexity
progress
8.8
2024-10-24 CVE-2024-7763 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.
network
low complexity
progress
7.5
2024-10-09 CVE-2024-7292 Improper Restriction of Excessive Authentication Attempts vulnerability in Progress Telerik Report Server
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
network
low complexity
progress CWE-307
8.8
2024-10-09 CVE-2024-7293 Weak Password Requirements vulnerability in Progress Telerik Reporting
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
network
low complexity
progress CWE-521
8.8
2024-10-09 CVE-2024-7840 Command Injection vulnerability in Progress Telerik Reporting 12.0.18.125
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
local
low complexity
progress CWE-77
7.8
2024-10-09 CVE-2024-8014 Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
network
low complexity
progress CWE-470
8.8
2024-10-09 CVE-2024-8015 Unsafe Reflection vulnerability in Progress Telerik Report Server
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
network
low complexity
progress CWE-470
7.2