Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Progress Software Corporation — Vulnerabilities & Security Advisories 86

Browse all 86 CVE security advisories affecting Progress Software Corporation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Progress Software Corporation develops enterprise software solutions, primarily focusing on application development platforms, database management, and IoT connectivity. The company’s product portfolio, including OpenEdge and Telerik components, has historically been associated with a significant volume of security vulnerabilities, currently totaling 86 CVEs. Common flaw categories include remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation errors or improper access controls within legacy codebases. While no single catastrophic incident has defined the company’s public security history, the high CVE count suggests persistent challenges in maintaining secure coding practices across its diverse software suite. Security researchers frequently highlight these issues, urging administrators to apply patches promptly. The firm continues to address these vulnerabilities through regular updates, though the sheer number of recorded exploits indicates a complex attack surface requiring rigorous ongoing maintenance and vigilant configuration management by enterprise users.

Top products by Progress Software Corporation: WhatsUp Gold WS_FTP Server Sitefinity Telerik Report Server MOVEit Transfer OpenEdge Telerik Reporting LoadMaster Chef InSpec Chef Automate Telerik UI for WinForms MOVEit Automation Chef Habitat Builder Progress® Telerik® Reporting
CVE IDTitleCVSSSeverityPublished
CVE-2024-6327 Progress Telerik Report Server Deserialization — Telerik Report ServerCWE-502 9.9 Critical2024-07-24
CVE-2024-4882 URL Redirection to Arbitrary Site Exists in Sitefinity — SitefinityCWE-601 6.1AIMediumAI2024-07-08
CVE-2024-5019 WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability — WhatsUp GoldCWE-22 5.3 Medium2024-06-25
CVE-2024-5018 WhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure Vulnerability — WhatsUp GoldCWE-22 5.3 Medium2024-06-25
CVE-2024-5017 WhatsUp Gold AppProfileImport path traversal vulnerability — WhatsUp GoldCWE-22 6.5 Medium2024-06-25
CVE-2024-5016 WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability — WhatsUp GoldCWE-502 7.2 High2024-06-25
CVE-2024-5015 WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability — WhatsUp GoldCWE-918 7.1 High2024-06-25
CVE-2024-5014 WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure — WhatsUp GoldCWE-918 7.1 High2024-06-25
CVE-2024-5013 WhatsUp Gold InstallController Denial-of-Service Vulnerability — WhatsUp GoldCWE-400 7.5 High2024-06-25
CVE-2024-5012 WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability — WhatsUp GoldCWE-287 8.6 High2024-06-25
CVE-2024-5011 WhatsUp Gold TestController Chart denial of service vulnerability — WhatsUp GoldCWE-400 7.5 High2024-06-25
CVE-2024-5010 WhatsUp Gold TestController multiple information disclosure vulnerabilities — WhatsUp GoldCWE-200 7.5 High2024-06-25
CVE-2024-5009 WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability — WhatsUp GoldCWE-269 8.4 High2024-06-25
CVE-2024-5008 WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability — WhatsUp GoldCWE-434 8.8 High2024-06-25
CVE-2024-4885 WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability — WhatsUp GoldCWE-22 9.8 Critical2024-06-25
CVE-2024-4884 WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability — WhatsUp GoldCWE-77 9.8 Critical2024-06-25
CVE-2024-4883 WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability — WhatsUp GoldCWE-77 9.8 Critical2024-06-25
CVE-2024-4358 Registration Authentication Bypass Vulnerability — Telerik Report ServerCWE-290 9.8 Critical2024-05-29
CVE-2024-4563 The Progress MOVEit Automation Configuration Export Function Uses a Cryptographic Method with Insufficient Bit Length — MOVEit AutomationCWE-327 6.1 Medium2024-05-22
CVE-2024-4200 Progress Telerik Reporting Local Deserialization Vulnerability — Telerik ReportingCWE-502 7.7 High2024-05-15
CVE-2024-4202 Progress Telerik Reporting Local Instantiation Vulnerability — Telerik ReportingCWE-94 7.7 High2024-05-15
CVE-2024-3892 Local code execution vulnerability in Telerik UI for WinForms — Telerik UI for WinFormsCWE-94 7.2 High2024-05-15
CVE-2024-4562 WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via HttpMonitorSettings — WhatsUp GoldCWE-918 5.4 Medium2024-05-14
CVE-2024-4561 WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via FaviconController — WhatsUp GoldCWE-918 4.2 Medium2024-05-14
CVE-2024-3544 LoadMaster Hardcoded SSH Key — LoadMasterCWE-798 7.5 High2024-05-02
CVE-2024-3543 LoadMaster Reversible Password Encryption Algorithm — LoadMasterCWE-257 6.4 Medium2024-05-02
CVE-2024-1856 Progress Telerik Reporting Remote Deserialization Vulnerability — Telerik ReportingCWE-502 8.5 High2024-03-20
CVE-2024-1801 Progress Telerik Reporting Local Deserialization Vulnerability — Telerik ReportingCWE-502 7.7 High2024-03-20
CVE-2024-1800 Progress Telerik Report Server Deserialization — Telerik Report ServerCWE-502 9.9 Critical2024-03-20
CVE-2024-1636 Potential Cross-Site Scripting (XSS) in the page editing area — SitefinityCWE-79 8.0 High2024-02-28

This page lists every published CVE security advisory associated with Progress Software Corporation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.