Lucene search

ProgressSoftwareCVE-2024-7591

HistorySep 05, 2024 - 6:15 p.m.

CVE-2024-7591

2024-09-0518:15:06

CWE-20

ProgressSoftware

web.nvd.nist.gov

progress loadmaster

input validation

os command injection

loadmaster

ecs

multi-tenancy

cve-2024-7591

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

Percentile

9.6%

JSON

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects:

LoadMaster: 7.2.40.0 and above
ECS: All versions
Multi-Tenancy: 7.1.35.4 and above

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "LoadMaster",
    "vendor": "Progress",
    "versions": [
      {
        "lessThan": "7.2.60.1",
        "status": "affected",
        "version": "7.2.40.0",
        "versionType": "LoadMaster"
      }
    ]
  }
]

References

support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591

Social References

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-7591