Browse all 25 CVE security advisories affecting Progress. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Progress Software provides enterprise middleware, database management, and application development tools, primarily serving large organizations requiring robust data integration and legacy system support. With twenty-five recorded Common Vulnerabilities and Exposures (CVEs), the vendor’s attack surface has historically been plagued by critical flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues frequently stem from improper input validation and insufficient access controls within its middleware components, such as OpenEdge and DataDirect. Notable incidents involve authenticated attackers exploiting weak authentication mechanisms to gain unauthorized administrative access, potentially leading to complete system compromise. The recurring nature of these defects highlights persistent challenges in securing complex, long-standing software architectures. Consequently, organizations relying on Progress technologies must prioritize rigorous patch management and strict network segmentation to mitigate the risk of exploitation against these known weaknesses.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-7346 | Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation — OpenEdge, CWE-297 | 7.2 | High | 2024-09-03 |
| CVE-2024-7345 | Direct local client connections to MS Agents can bypass authentication — OpenEdge, CWE-94 | 8.3 | High | 2024-09-03 |
| CVE-2024-7654 | Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service — OpenEdge, CWE-79 | 8.3 | High | 2024-09-03 |
| CVE-2024-1403 | Authentication Bypass in OpenEdge Authentication Gateway and AdminServer — OpenEdge, CWE-305 | 10.0 | Critical | 2024-02-27 |
This page lists every published CVE security advisory associated with Progress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.