Process Software
Products (10)
- 10 CVEs
- 5 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9245 | | Critical | 0.64 | 9.8 | 0.02 | | Oct 31, 2017 | Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. |
| CVE-2014-8555 | | | 0.04 | — | 0.07 | | Nov 12, 2014 | Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. |
| CVE-2008-5120 | | | 0.04 | — | 0.10 | | Nov 18, 2008 | Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string. |
| CVE-2007-2506 | | | 0.03 | — | 0.04 | | May 4, 2007 | WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by… |
| CVE-2007-2417 | | | 0.01 | — | 0.16 | | Jul 15, 2007 | Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via… |
| CVE-2026-2878 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering. |
| CVE-2025-6505 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and… |
| CVE-2025-6504 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header. Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range. This… |
| CVE-2025-3600 | | | 0.00 | — | 0.19 | | May 14, 2025 | In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service. |
| CVE-2024-8015 | | | 0.00 | — | 0.01 | | Oct 9, 2024 | In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. |
| CVE-2024-7840 | | | 0.00 | — | 0.01 | | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. |
| CVE-2024-8048 | | | 0.00 | — | 0.00 | | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. |
| CVE-2024-8014 | | | 0.00 | — | 0.01 | | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. |
| CVE-2024-7654 | | | 0.00 | — | 0.00 | | Sep 3, 2024 | An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it… |
| CVE-2024-6096 | | | 0.00 | — | 0.01 | | Jul 24, 2024 | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. |
| CVE-2024-4200 | | | 0.00 | — | 0.00 | | May 15, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. |
| CVE-2024-4202 | | | 0.00 | — | 0.00 | | May 15, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. |
| CVE-2024-1856 | | | 0.00 | — | 0.01 | | Mar 20, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. |
| CVE-2024-1801 | | | 0.00 | — | 0.00 | | Mar 20, 2024 | In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. |
| CVE-2024-0832 | | | 0.00 | — | 0.00 | | Jan 31, 2024 | In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the… |
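CVE-2025-6504 above is the general X-Forwarded-For mistake: an IP allowlist enforced on a header the client writes. The block below is an added example, not code from Progress or from Hybrid Data Pipeline Server; the allowlisted range, the proxy addresses and the request values are constructed for illustration. It shows the spoofable lookup beside a proxy-aware one that only consults XFF when the TCP peer is one of our own reverse proxies, then walks the chain right-to-left and stops at the first hop we did not add ourselves.

```python
"""Deriving a client IP from X-Forwarded-For: the spoofable way and a
proxy-aware way. Added example with constructed addresses, not HDP code."""
import ipaddress

# Constructed allowlist: only clients from this range may reach the protected API.
ALLOWED_RANGES = [ipaddress.ip_network("10.0.0.0/8")]
# Constructed: the reverse proxies we operate and that append to XFF.
TRUSTED_PROXIES = {ipaddress.ip_address("203.0.113.10")}


def in_allowlist(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_RANGES)


def client_ip_naive(remote_addr, headers):
    """Vulnerable pattern: believe whatever the request put in XFF."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_hardened(remote_addr, headers):
    """Use XFF only when the TCP peer is a trusted proxy, then walk the chain
    right-to-left: every hop appended by a trusted proxy is skipped, the first
    untrusted hop is the client, and anything left of it is unverifiable."""
    if ipaddress.ip_address(remote_addr) not in TRUSTED_PROXIES:
        # Direct connection: nobody we trust wrote this header. Ignore it.
        return remote_addr
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    hops.append(remote_addr)  # the TCP peer is the rightmost, authoritative hop
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr  # malformed header: fall back to the peer address
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    # Every hop was one of our proxies: misconfiguration. Returning the proxy's
    # own address fails closed, since proxies are not in the client allowlist.
    return remote_addr


def authorize(remote_addr, headers, derive=client_ip_hardened):
    """Allowlist decision for one request, using the chosen derivation."""
    return in_allowlist(derive(remote_addr, headers))


if __name__ == "__main__":
    # Constructed requests: a direct attacker forging XFF, and a real client
    # behind our proxy whose forged header the proxy has appended to.
    direct = ("198.51.100.7", {"X-Forwarded-For": "10.1.2.3"})
    proxied = ("203.0.113.10", {"X-Forwarded-For": "10.1.2.3, 198.51.100.7"})
    for name, (peer, hdrs) in (("direct", direct), ("proxied", proxied)):
        print(name, "naive:", authorize(peer, hdrs, client_ip_naive),
              "hardened:", authorize(peer, hdrs))
```

The trusted-proxy set has to list every hop that rewrites the header (load balancer, CDN, ingress), or legitimate clients behind the missing hop are treated as if they connected directly and lose their XFF entry; that is the safe failure direction, but it is still an outage worth testing for.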
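CVE-2014-8555 is a textbook traversal: a request parameter is joined onto a directory path and the result is opened. The block below is an added example, not OpenEdge's code; the report directory, the file names and the "secret" file are constructed inside a throwaway temp directory. It puts the vulnerable join next to a canonicalize-then-contain check that resolves the candidate path (collapsing `..` and following symlinks) before asking whether it is still inside the report root.

```python
"""Path traversal through a 'selection'-style parameter, vulnerable and
hardened. Added example; directory layout and file names are constructed."""
import tempfile
from pathlib import Path


def open_report_vulnerable(root, selection):
    """Vulnerable: the parameter is concatenated straight into the path."""
    return (Path(root) / selection).read_text()


def resolve_report(root, selection):
    """Return the file that `selection` names only if it lies under `root`.

    Raises PermissionError for anything that escapes the directory,
    FileNotFoundError for a name that stays inside but does not exist."""
    root = Path(root).resolve()
    if "\x00" in selection:
        raise PermissionError("NUL byte in report name")
    # Joining an absolute selection discards root; resolve() then collapses
    # '..' components and symlinks, so the containment check sees the real target.
    candidate = (root / selection).resolve()
    if candidate == root or root not in candidate.parents:
        raise PermissionError(f"{selection!r} escapes the report directory")
    if not candidate.is_file():
        raise FileNotFoundError(selection)
    return candidate


def traversal_demo():
    """Build a constructed tree: reports/monthly.txt inside the root and
    secret.txt one level above it, then exercise both code paths."""
    base = Path(tempfile.mkdtemp())
    reports = base / "reports"
    reports.mkdir()
    (reports / "monthly.txt").write_text("monthly figures")
    (base / "secret.txt").write_text("db password")  # outside the report root

    results = {}
    results["vuln_legit"] = open_report_vulnerable(reports, "monthly.txt")
    results["vuln_traversal"] = open_report_vulnerable(reports, "../secret.txt")
    results["safe_legit"] = resolve_report(reports, "monthly.txt").read_text()
    attempts = (
        "../secret.txt",                 # classic dot-dot
        "../../etc/passwd",              # deeper escape
        str(base / "secret.txt"),        # absolute path overriding the root
        "sub/../../secret.txt",          # traversal through a non-existent dir
    )
    for bad in attempts:
        try:
            resolve_report(reports, bad)
            results[bad] = "allowed"
        except PermissionError:
            results[bad] = "blocked"
    return results


if __name__ == "__main__":
    for key, value in traversal_demo().items():
        print(f"{key!r}: {value}")
```

The check is on the resolved path, not on the string: rejecting `..` as a substring would still let an absolute path or a symlink inside the root point elsewhere, and it would break legitimate names that merely contain two dots.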
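Most of the Telerik Reporting and Report Server entries (CVE-2024-6096, CVE-2024-8014, CVE-2024-8015, CVE-2024-1856, CVE-2024-1801, CVE-2024-4200) describe one class of bug: a serialized payload names the type to instantiate and the resolver honours the name. The block below is a Python analog added here to show that pattern and its fix; it is not Telerik's serialization format or code, and the `$type`/`args` payload shape, the allowlist and the sample payloads are constructed.

```python
"""Object injection via type resolution, as a Python analog of the .NET
pattern where a payload names its own type. Added example; the payload
format and allowlist are constructed, not Telerik's."""
import importlib

# Constructed allowlist: the only types a payload may ask us to build.
ALLOWED_TYPES = {
    "datetime.date",
    "decimal.Decimal",
    "fractions.Fraction",
}


def resolve_type_insecure(qualified_name):
    """Vulnerable: resolves any importable module.attribute, callables included."""
    module_name, _, attr = qualified_name.rpartition(".")
    return getattr(importlib.import_module(module_name), attr)


def resolve_type_allowlisted(qualified_name):
    """Hardened: exact-match allowlist checked before anything is imported,
    because importing a module can itself run code."""
    if qualified_name not in ALLOWED_TYPES:
        raise ValueError(f"type {qualified_name!r} is not permitted")
    module_name, _, attr = qualified_name.rpartition(".")
    return getattr(importlib.import_module(module_name), attr)


def instantiate(payload, resolve):
    """Build the object a payload describes, using the given resolver."""
    cls = resolve(payload["$type"])
    return cls(*payload["args"])


# Constructed payloads: one benign, one that names a code-execution sink.
BENIGN = {"$type": "datetime.date", "args": [2024, 10, 9]}
MALICIOUS = {"$type": "builtins.eval", "args": ["7 * 6"]}


def injection_demo():
    """Run both payloads through both resolvers and report what happened."""
    out = {}
    out["benign_insecure"] = instantiate(BENIGN, resolve_type_insecure)
    out["benign_allowlisted"] = instantiate(BENIGN, resolve_type_allowlisted)
    # The insecure resolver hands the payload's arguments to eval: code execution.
    out["malicious_insecure"] = instantiate(MALICIOUS, resolve_type_insecure)
    try:
        instantiate(MALICIOUS, resolve_type_allowlisted)
        out["malicious_allowlisted"] = "allowed"
    except ValueError:
        out["malicious_allowlisted"] = "blocked"
    return out


if __name__ == "__main__":
    for key, value in injection_demo().items():
        print(f"{key}: {value!r}")
```

The allowlist is matched on the string before resolution rather than by an `issubclass` check afterwards: by the time a type object exists, the import that produced it has already run, and a resolver that accepts arbitrary names also accepts plain callables such as `eval` that have no class hierarchy to check.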