CVE-2024-2449

🗓️ 22 Mar 2024 13:35:39Reported by ProgressSoftwareType

LoadMaster has CSRF vulnerability allowing attackers to redirect admin to malicious site

Reporter	Title	Published	Views	Family All 12
CNNVD	LoadMaster 安全漏洞	22 Mar 202400:00	–	cnnvd
CNNVD	Kemp LoadMaster 跨站请求伪造漏洞	22 Mar 202400:00	–	cnnvd
Cvelist	CVE-2024-2448 LoadMaster Command Injection Vulnerability	22 Mar 202413:32	–	cvelist
Cvelist	CVE-2024-2449 LoadMaster Cross-Site Request Forgery (CSRF)	22 Mar 202413:35	–	cvelist
EUVD	EUVD-2024-27398	3 Oct 202520:07	–	euvd
NVD	CVE-2024-2449	22 Mar 202414:15	–	nvd
OSV	CVE-2024-2448	22 Mar 202414:15	–	osv
OSV	CVE-2024-2449	22 Mar 202414:15	–	osv
Positive Technologies	PT-2024-3305 · Kemp · Loadmaster	22 Mar 202400:00	–	ptsecurity
Positive Technologies	PT-2024-3306 · Kemp Technologies · Loadmaster	22 Mar 202400:00	–	ptsecurity

NVD

Node

progress loadmasterRange7.2.49.0–7.2.54.9ltsf

progress loadmasterRange7.2.55.0–7.2.59.3ga

progress loadmasterMatch7.1.35.10mt

progress loadmasterMatch7.2.48.10lts

[
  {
    "defaultStatus": "affected",
    "modules": [
      "LoadMaster",
      "Multi-Tenancy",
      "ECS Connection Manager",
      "LM 360 Connector"
    ],
    "product": "LoadMaster",
    "vendor": "Progress Software",
    "versions": [
      {
        "lessThan": "7.2.59.3 ( LoadMaster GA)",
        "status": "affected",
        "version": "7.2.55.0",
        "versionType": "semver"
      },
      {
        "lessThan": "7.2.54.9 ( LoadMaster LTSF)",
        "status": "affected",
        "version": "7.2.49.0",
        "versionType": "semver"
      },
      {
        "lessThan": "7.2.48.11 (LoadMaster LTS)",
        "status": "affected",
        "version": "7.2.48.10",
        "versionType": "semver"
      },
      {
        "lessThan": "7.1.35.11 (LoadMaster MT)",
        "status": "affected",
        "version": "7.1.35.10",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
progress	www.progress.com/loadmaster
support	www.support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449

10 Feb 2025 19:33Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5

EPSS0.03321

SSVC

CWE-352