Vulnerabilities > Progress > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-12-02 CVE-2024-8785 Unspecified vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
network
low complexity
progress
5.3
2024-11-13 CVE-2024-7295 Use of Hard-coded Credentials vulnerability in Progress Telerik Report Server
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.
local
low complexity
progress CWE-798
6.2
2024-11-13 CVE-2024-8049 Unspecified vulnerability in Progress Telerik Document Processing Libraries
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.
network
low complexity
progress
6.5
2024-10-09 CVE-2024-7294 Unspecified vulnerability in Progress Telerik Reporting
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
network
low complexity
progress
6.5
2024-09-03 CVE-2024-7346 Improper Authentication vulnerability in Progress Openedge
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection.  This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security.  The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.
network
high complexity
progress CWE-287
4.8
2024-09-03 CVE-2024-7654 Cross-site Scripting vulnerability in Progress Openedge
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated.  Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users.   Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default.
network
low complexity
progress CWE-79
6.1
2024-08-28 CVE-2024-7744 Path Traversal vulnerability in Progress WS FTP Server
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.   An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)
network
low complexity
progress CWE-22
6.5
2024-06-25 CVE-2024-5014 Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature.
network
low complexity
progress CWE-918
6.5
2024-06-25 CVE-2024-5017 Path Traversal vulnerability in Progress Whatsup Gold
In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information disclosure.
network
low complexity
progress CWE-22
6.5
2024-06-16 CVE-2023-27636 Cross-site Scripting vulnerability in Progress Sitefinity
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
network
low complexity
progress CWE-79
5.4