Progress Flowmon vulnerabilities
3 known vulnerabilities affecting progress/flowmon.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-2389P1CRITICALCVSS 9.8ExploitedPoCfixed in 11.1.14≥ 12.0.0, < 12.3.52024-04-02
CVE-2024-2389 [CRITICAL] CWE-78 CVE-2024-2389: In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
nvd
CVE-2026-3692P3HIGHCVSS 8.8fixed in 12.5.82026-04-02
CVE-2026-3692 [HIGH] CWE-78 CVE-2026-3692: In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-pr
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.
nvd
CVE-2026-2737P4MEDIUMCVSS 6.1≥ 12.0.0, < 12.5.8≥ 13.0.0, < 13.0.62026-04-02
CVE-2026-2737 [MEDIUM] CWE-79 CVE-2026-2737: A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administr
A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session.
nvd