Progress Vulnerabilities

Timeline

Type

Product

Progress MOVEit Transfer: 23
Progress WS_FTP Server: 12
Progress Sitefinity: 11
Progress WhatsUp Gold: 9
Progress OpenEdge: 7

Countermeasure

Official Fix: 86
Temporary Fix: 0
Workaround: 1
Unavailable: 0
Not Defined: 20

Exploitability

High: 1
Functional: 0
Proof-of-Concept: 8
Unproven: 1
Not Defined: 97

Access Vector

Not Defined: 0
Physical: 0
Local: 13
Adjacent: 13
Network: 81

Authentication

Not Defined: 0
High: 10
Low: 42
None: 55

User Interaction

Not Defined: 0
Required: 28
None: 79

C3BM Index

| Score | CVSSv3 Base | CVSSv3 Temp | VulDB | NVD | CNA | Vendor | Research |
|---|---|---|---|---|---|---|---|
| ≤1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤3 | 0 | 0 | 6 | 0 | 0 | 0 | 0 |
| ≤4 | 3 | 3 | 16 | 0 | 0 | 0 | 0 |
| ≤5 | 17 | 19 | 19 | 2 | 2 | 0 | 0 |
| ≤6 | 27 | 29 | 17 | 11 | 2 | 0 | 0 |
| ≤7 | 13 | 14 | 18 | 13 | 2 | 0 | 0 |
| ≤8 | 24 | 23 | 24 | 12 | 17 | 0 | 0 |
| ≤9 | 17 | 15 | 2 | 8 | 8 | 0 | 0 |
| ≤10 | 6 | 4 | 5 | 17 | 8 | 0 | 0 |

| Price | Exploit 0-day | Exploit Today |
|---|---|---|
| <1k | 22 | 105 |
| <2k | 66 | 2 |
| <5k | 19 | 0 |
| <10k | 0 | 0 |
| <25k | 0 | 0 |
| <50k | 0 | 0 |
| <100k | 0 | 0 |
| ≥100k | 0 | 0 |

Exploit Market Volume

CTI Activities

Affected Products (35): 4GL Compiler (1), Chef Automate (1), Chef InSpec (1), Chef Infra Client (1), Chef Infra Server (1), DataDirect Connect for ODBC (2), Database (4), Flowmon FPI (1), Flowmon OS (1), JustAssembly (1), JustDecompile (1), Kendo UI Editor (1), LoadMaster (3), MOVEit Automation (1), MOVEit Transfer (23), Messenger (1), OpenEdge (7), OpenEdge OEE (1), OpenEdge OEM (1), Redirection (1), Sitefinity (11), Sitefinity CMS (5), Telerik JustDecompile (1), Telerik Report Server (1), Telerik Reporting (3), Telerik Test Studio (1), Telerik UI for ASP.NET AJAX (2), UI for ASP.NET AJAX (2), UI for Silverlight (1), WS_FTP Server (12), WebSpeed (1), Webspeed (1), Webspeed Messenger (1), WhatsUp Gold (9), Whatsup Gold (4)

| Published | Base | Temp | Vulnerability | Product type | Exploitability | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-03-22 | 5.9 | 5.8 | Progress LoadMaster cross site request forgery | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-2449 |
| 2024-03-22 | 7.6 | 7.4 | Progress LoadMaster privilege escalation | Unknown | Not Defined | Official Fix | 0.00 | 0.00043 | CVE-2024-2448 |
| 2024-03-20 | 4.3 | 4.2 | Progress MOVEit Transfer unknown vulnerability | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-2291 |
| 2024-03-20 | 9.3 | 9.1 | Progress Telerik Report Server privilege escalation | Reporting Software | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-1800 |
| 2024-03-20 | 6.5 | 6.4 | Progress Telerik Reporting privilege escalation | Reporting Software | Not Defined | Official Fix | 0.03 | 0.00043 | CVE-2024-1801 |
| 2024-03-20 | 8.0 | 7.8 | Progress Telerik Reporting privilege escalation | Reporting Software | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-1856 |
| 2024-02-28 | 5.7 | 5.7 | Progress Sitefinity Page Editing Area cross site scripting | Unknown | Not Defined | Official Fix | 0.04 | 0.00043 | CVE-2024-1636 |
| 2024-02-28 | 6.5 | 6.4 | Progress Sitefinity Administrative Area privilege escalation | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-1632 |
| 2024-02-27 | 9.9 | 9.7 | Progress OpenEdge weak authentication | Unknown | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-1403 |
| 2024-02-21 | 8.6 | 8.5 | Progress LoadMaster privilege escalation | Unknown | Not Defined | Official Fix | 0.03 | 0.00721 | CVE-2024-1212 |
| 2024-02-21 | 5.3 | 5.2 | Progress WS_FTP Server Administrative Interface cross site scripting | File Transfer Software | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2024-1474 |
| 2024-01-31 | 7.5 | 7.4 | Progress Telerik Test Studio Applications Installer privilege escalation | Unknown | Not Defined | Official Fix | 0.04 | 0.00061 | CVE-2024-0833 |
| 2024-01-31 | 7.5 | 7.4 | Progress Telerik Reporting Applications Installer privilege escalation | Reporting Software | Not Defined | Official Fix | 0.02 | 0.00061 | CVE-2024-0832 |
| 2024-01-31 | 7.5 | 7.4 | Progress Telerik JustDecompile Applications Installer privilege escalation | Unknown | Not Defined | Official Fix | 0.03 | 0.00061 | CVE-2024-0219 |
| 2024-01-18 | 7.5 | 7.3 | Progress OpenEdge Web Request memory corruption | Unknown | Not Defined | Official Fix | 0.02 | 0.00046 | CVE-2023-40052 |
| 2024-01-18 | 8.4 | 8.3 | Progress OpenEdge Web Transport Request privilege escalation | Unknown | Not Defined | Official Fix | 0.04 | 0.00050 | CVE-2023-40051 |
| 2024-01-17 | 6.8 | 6.6 | Progress MOVEit Transfer HTTPS Transaction denial of service | Unknown | Not Defined | Official Fix | 0.04 | 0.00063 | CVE-2024-0396 |
| 2023-12-20 | 4.4 | 4.4 | Progress Sitefinity privilege escalation | Unknown | Not Defined | Official Fix | 0.02 | 0.00063 | CVE-2023-6784 |
| 2023-12-14 | 5.1 | 5.1 | Progress WhatsUp Gold Role cross site scripting | Network Management Software | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2023-6367 |
| 2023-12-14 | 5.0 | 4.9 | Progress WhatsUp Gold Alert Center cross site scripting | Network Management Software | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2023-6366 |
| 2023-12-14 | 6.0 | 6.0 | Progress WhatsUp Gold API Endpoint privilege escalation | Network Management Software | Not Defined | Official Fix | 0.00 | 0.00052 | CVE-2023-6595 |
| 2023-12-14 | 5.0 | 4.9 | Progress WhatsUp Gold privilege escalation | Network Management Software | Not Defined | Official Fix | 0.05 | 0.00052 | CVE-2023-6368 |
| 2023-12-14 | 5.0 | 4.9 | Progress WhatsUp Gold Dashboard cross site scripting | Network Management Software | Not Defined | Official Fix | 0.02 | 0.00045 | CVE-2023-6364 |
| 2023-12-14 | 5.1 | 5.1 | Progress WhatsUp Gold Device Group cross site scripting | Network Management Software | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2023-6365 |
| 2023-11-29 | 5.8 | 5.8 | Progress MOVEit Transfer Gateway cross site scripting | Unknown | Not Defined | Official Fix | 0.03 | 0.00046 | CVE-2023-6217 |

82 more entries are not shown
