
Progress Software Corporation — Vulnerabilities & Security Advisories (86)

Browse all 86 CVE security advisories affecting Progress Software Corporation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Progress Software Corporation develops enterprise software solutions, primarily focusing on application development platforms, database management, and IoT connectivity. The company's product portfolio, including OpenEdge and Telerik components, has historically been associated with a significant volume of security vulnerabilities, currently totaling 86 CVEs. Common flaw categories include remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation errors or improper access controls within legacy codebases. While no single catastrophic incident has defined the company's public security history, the high CVE count suggests persistent challenges in maintaining secure coding practices across its diverse software suite. Security researchers frequently highlight these issues, urging administrators to apply patches promptly. The firm continues to address these vulnerabilities through regular updates, though the sheer number of recorded vulnerabilities indicates a complex attack surface requiring rigorous ongoing maintenance and vigilant configuration management by enterprise users.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-1632 | Incorrect access control in the Sitefinity backend | Sitefinity | CWE-284 | 8.8 | High | 2024-02-28 |
| CVE-2023-40052 | Progress Application Server (PAS) for OpenEdge Denial of Service | OpenEdge | CWE-119 | 7.5 | High | 2024-01-18 |
| CVE-2023-40051 | Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal | OpenEdge | CWE-434 | 9.1 | Critical | 2024-01-18 |
| CVE-2024-0396 | Missing Server-Side Input Validation in HTTP Parameter | MOVEit Transfer | CWE-20 | 7.1 | High | 2024-01-17 |
| CVE-2023-6784 | Potential Use of the Sitefinity System for Distribution of Phishing Emails | Sitefinity | CWE-20 | 4.7 | Medium | 2023-12-20 |
| CVE-2023-6368 | WhatsUp Gold Unauthenticated Access to an API Endpoint | WhatsUp Gold | CWE-306 | 5.9 | Medium | 2023-12-14 |
| CVE-2023-6595 | WhatsUp Gold Unauthenticated Access to an API Endpoint | WhatsUp Gold | CWE-306 | 7.5 | High | 2023-12-14 |
| CVE-2023-6367 | WhatsUp Gold Stored Cross-Site Scripting (XSS) via Roles | WhatsUp Gold | CWE-79 | 7.6 | High | 2023-12-14 |
| CVE-2023-6366 | WhatsUp Gold Stored Cross-Site Scripting (XSS) via Alert Center | WhatsUp Gold | CWE-79 | 7.6 | High | 2023-12-14 |
| CVE-2023-6365 | WhatsUp Gold Stored Cross-Site Scripting (XSS) via Device Groups | WhatsUp Gold | CWE-79 | 7.6 | High | 2023-12-14 |
| CVE-2023-6364 | WhatsUp Gold Stored Cross-Site Scripting (XSS) via Dashboard | WhatsUp Gold | CWE-79 | 7.6 | High | 2023-12-14 |
| CVE-2023-6218 | MOVEit Transfer Group Admin Privilege Escalation | MOVEit Transfer | CWE-269 | 7.2 | High | 2023-11-29 |
| CVE-2023-6217 | MOVEit Transfer XSS via MOVEit Gateway | MOVEit Transfer | CWE-79 | 7.1 | High | 2023-11-29 |
| CVE-2023-42659 | WS_FTP Server Arbitrary File Upload | WS_FTP Server | CWE-434 | 9.1 | Critical | 2023-11-07 |
| CVE-2023-42658 | InSpec Archive Command Vulnerable to Maliciously Crafted Profile | Chef InSpec | CWE-94 | 8.8 | High | 2023-10-31 |
| CVE-2023-40050 | Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application | Chef Automate | CWE-94 | 9.9 | Critical | 2023-10-31 |
| CVE-2023-40049 | WS_FTP Server Information Disclosure via Directory Listing | WS_FTP Server | CWE-200 | 5.3 | Medium | 2023-09-27 |
| CVE-2023-40048 | WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability | WS_FTP Server | CWE-352 | 6.8 | Medium | 2023-09-27 |
| CVE-2023-40047 | WS_FTP Server Stored Cross-Site Scripting Vulnerability | WS_FTP Server | CWE-79 | 8.3 | High | 2023-09-27 |
| CVE-2023-40046 | WS_FTP Server SQL Injection via Administrative Interface | WS_FTP Server | CWE-89 | 8.2 | High | 2023-09-27 |
| CVE-2023-40045 | WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability | WS_FTP Server | CWE-79 | 8.3 | High | 2023-09-27 |
| CVE-2023-42657 | WS_FTP Server Directory Traversal | WS_FTP Server | CWE-22 | 9.9 | Critical | 2023-09-27 |
| CVE-2023-40044 | WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability | WS_FTP Server | CWE-502 | 10.0 | Critical | 2023-09-27 |
| CVE-2023-42656 | MOVEit Transfer Reflected XSS | MOVEit Transfer | CWE-79 | 6.1 | Medium | 2023-09-20 |
| CVE-2023-40043 | MOVEit Transfer System Administrator SQL Injection | MOVEit Transfer | CWE-89 | 7.2 | High | 2023-09-20 |
| CVE-2023-42660 | MOVEit Transfer Machine Interface SQL Injection | MOVEit Transfer | CWE-89 | 8.8 | High | 2023-09-20 |

This page lists every published CVE security advisory associated with Progress Software Corporation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.