Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 CVSS score: 9.8, an unauthenticated remote code execution bug impacting version...

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 CVSS score: 9.9, impacts Report Server version 2024 Q2 10.1.24.514 and...

Progress Software WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetASPReport method. The issue results from the lack of...

Progress Software WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommunityController class. The issue results from the lack of proper...

Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from th...

Progress Software WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the APM module. The issue results from the lack of proper validation of...

Progress Software WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WriteDataFile method. The issue results from the lack of proper...

Progress Software WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the SessionControler class. The issue results from the lack ...

Progress Software WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of OnMessage method. The issue results from the lack of...

Progress Software WhatsUp Gold InstallController Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InstallController class. The issue results from the lac...

Progress Software WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetWindowsCredential method. The issue results from the lack ...

Progress Software WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of LoadCSSUsingBasePath method. The issue...

Progress Software WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request from a local machine in order to exploit this...

Progress Software WhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LoadUsingBasePath method. The issue results from the lack of...

Critical Vulnerabilities Patched in Progress Software’s MOVEit

...

Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 CVSS score: 9.1, concerns an authentication bypass that...

Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability

Talos Vulnerability Report TALOS-2024-1934 Progress Software Corporation WhatsUp Gold TestController Chart denial of service vulnerability June 26, 2024 CVE Number CVE-2024-5011 SUMMARY An uncontrolled resource consumption vulnerability exists in the TestController Chart functionality of Progress...

Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability

Talos Vulnerability Report TALOS-2024-1932 Progress Software Corporation WhatsUp Gold AppProfileImport path traversal vulnerability June 26, 2024 CVE Number CVE-2024-5017 SUMMARY A path traversal vulnerability exists in the AppProfileImport functionality of Progress Software Corporation WhatsUp...

Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities

Talos Vulnerability Report TALOS-2024-1933 Progress Software Corporation WhatsUp Gold TestController multiple information disclosure vulnerabilities June 26, 2024 CVE Number CVE-2024-5010 SUMMARY An information disclosure vulnerability exists in the TestController functionality of Progress Softwa...

Authentication Bypasses in MOVEit Transfer and MOVEit Gateway

On June 25, 2024, Progress Software published information on two new vulnerabilities in MOVEit Transfer and MOVEit Gateway: CVE-2024-5806, a critical authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration; and CVE-2024-5805, a critical SFTP-associated...