Filtered by vendor Progress Subscriptions
Total 168 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-6671 1 Progress 2 Whatsup Gold, Whatsupgold 2024-09-25 9.8 Critical
In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
CVE-2024-6670 1 Progress 2 Whatsup Gold, Whatsupgold 2024-09-17 9.8 Critical
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
CVE-2024-7345 1 Progress 1 Openedge 2024-09-05 8.3 High
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
CVE-2024-7346 1 Progress 1 Openedge 2024-09-05 7.2 High
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection.  This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security.  The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.
CVE-2024-7654 1 Progress 1 Openedge 2024-09-05 8.3 High
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated.  Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users.   Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default.
CVE-2024-7745 1 Progress 1 Ws Ftp Server 2024-09-04 6.5 Medium
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
CVE-2024-7744 1 Progress 1 Ws Ftp Server 2024-09-04 6.5 Medium
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Probe System Files, User-Controlled Filename, Path Traversal.   An authenticated file download flaw has been identified where a user can craft an API call that allows them to download a file from an arbitrary folder on the drive where that user host's root folder is located (by default this is C:)
CVE-2024-6672 1 Progress 2 Whatsup Gold, Whatsupgold 2024-09-04 8.8 High
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password.