Progress — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting Progress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Progress Software provides enterprise middleware, database management, and application development tools, primarily serving large organizations requiring robust data integration and legacy system support. With twenty-five recorded Common Vulnerabilities and Exposures (CVEs), the vendor’s attack surface has historically been plagued by critical flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues frequently stem from improper input validation and insufficient access controls within its middleware components, such as OpenEdge and DataDirect. Notable incidents involve authenticated attackers exploiting weak authentication mechanisms to gain unauthorized administrative access, potentially leading to complete system compromise. The recurring nature of these defects highlights persistent challenges in securing complex, long-standing software architectures. Consequently, organizations relying on Progress technologies must prioritize rigorous patch management and strict network segmentation to mitigate the risk of exploitation against these known weaknesses.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2701 | RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC) | ShareFile Storage Zones Controller | CWE-434 | 9.1 | Critical | 2026-04-02 |
| CVE-2026-2699 | EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC) | ShareFile Storage Zones Controller | CWE-698 | 9.8 | Critical | 2026-04-02 |
| CVE-2025-11235 | MOVEit Transfer REST API does not require current password in order to initiate the password change process | MOVEit Transfer | CWE-620 | 3.7 | Low | 2026-01-06 |
| CVE-2025-13147 | External Service Interaction (DNS) | MOVEit Transfer | CWE-918 | 5.3 | Medium | 2025-11-19 |
| CVE-2025-10703 | Code injection vulnerability in multiple Progress products | DataDirect Connect for JDBC for Amazon Redshift | CWE-94 | 9.8 (AI) | Critical (AI) | 2025-11-19 |
| CVE-2025-10702 | Code injection vulnerability in multiple Progress products | DataDirect Connect for JDBC for Amazon Redshift | CWE-94 | 9.8 (AI) | Critical (AI) | 2025-11-19 |
| CVE-2025-10932 | AS2 module allows uncontrolled file uploads | MOVEit Transfer | CWE-400 | 8.2 | High | 2025-10-29 |
| CVE-2025-1758 | Progress LoadMaster security vulnerability | LoadMaster | CWE-121 | 4.3 | Medium | 2025-03-19 |
| CVE-2025-2324 | A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder | MOVEit Transfer | CWE-269 | 5.9 | Medium | 2025-03-19 |
| CVE-2024-56135 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | LoadMaster | CWE-20 | 8.4 | High | 2025-02-05 |
| CVE-2024-56134 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | LoadMaster | CWE-20 | 8.4 | High | 2025-02-05 |
| CVE-2024-56133 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | LoadMaster | CWE-20 | 8.4 | High | 2025-02-05 |
| CVE-2024-56132 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | LoadMaster | CWE-20 | 8.4 | High | 2025-02-05 |
| CVE-2024-56131 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | LoadMaster | CWE-20 | 8.4 | High | 2025-02-05 |
| CVE-2024-11627 | Progress Sitefinity security vulnerability | Sitefinity | CWE-613 | 6.8 | Medium | 2025-01-07 |
| CVE-2024-8755 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | LoadMaster | CWE-20 | 8.4 | High | 2024-10-11 |
| CVE-2024-6658 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. | LoadMaster | CWE-20 | 8.4 | High | 2024-09-12 |
| CVE-2024-7591 | Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection | LoadMaster | CWE-78 | 10.0 | Critical | 2024-09-05 |
| CVE-2024-7346 | Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation | OpenEdge | CWE-297 | 7.2 | High | 2024-09-03 |
| CVE-2024-7345 | Direct local client connections to MS Agents can bypass authentication | OpenEdge | CWE-94 | 8.3 | High | 2024-09-03 |
| CVE-2024-7654 | Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service | OpenEdge | CWE-79 | 8.3 | High | 2024-09-03 |
| CVE-2024-6576 | MOVEit Transfer Privilege Escalation Vulnerability | MOVEit Transfer | CWE-287 | 7.3 | High | 2024-07-29 |
| CVE-2024-5806 | MOVEit Transfer Authentication Bypass Vulnerability | MOVEit Transfer | CWE-287 | 9.1 | Critical | 2024-06-25 |
| CVE-2024-5805 | MOVEit Gateway Authentication Bypass Vulnerability | MOVEit Gateway | CWE-287 | 9.1 | Critical | 2024-06-25 |
| CVE-2024-1403 | Authentication Bypass in OpenEdge Authentication Gateway and AdminServer | OpenEdge | CWE-305 | 10.0 | Critical | 2024-02-27 |

This page lists every published CVE security advisory associated with Progress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.