- How many CVEs does Progress have?
- Progress has 289 published CVE records since 2000, including 76 in the last two years.
- How many Progress CVEs are in CISA KEV?
- Yes — 10 of Progress's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Progress products have the most CVEs?
- The Progress products with the most published CVEs are WhatsUp Gold, MOVEit Transfer, WS_FTP Server, Sitefinity, LoadMaster.
- What are the most common weakness types in Progress CVEs?
- Progress's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-502 (Deserialization of Untrusted Data), CWE-20 (Improper Input Validation).
- Are there public exploits for Progress vulnerabilities?
- Yes — 58 of Progress's CVEs have a known public exploit.
- How many critical Progress vulnerabilities are there?
- Progress has 70 critical and 153 high-severity CVEs.
- What is the average severity of Progress CVEs?
- The average CVSS base score across Progress's scored CVEs is 7.9.