42 matches found
CVE-2025-58457 Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands
Improper permission check in ZooKeeper AdminServer lets authorized clients run snapshot and restore commands with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be...
CVE-2025-58457
Improper permission check in ZooKeeper AdminServer lets authorized clients run snapshot and restore commands with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be...
CVE-2025-58457
CVE-2025-58457 is an issue in ZooKeeper AdminServer where an improper permission check allows an authenticated client with insufficient privileges to run snapshot and restore commands. Affected versions are Apache ZooKeeper 3.9.0 through 3.9.3; the fix is available in 3.9.4. Mitigation steps from ...
PT-2025-39239
Name of the Vulnerable Software and Affected Versions: Apache ZooKeeper versions 3.9.0 through 3.9.3. Description: An improper permission check exists in the ZooKeeper AdminServer, allowing authorized clients to execute snapshot and restore commands with insufficient permissions. The issue can be...
CVE-2025-7388
It was possible to perform Remote Command Execution (RCE) via the Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
CVE-2025-7388 Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface
It was possible to perform Remote Command Execution (RCE) via the Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...
PT-2025-35938
Name of the Vulnerable Software and Affected Versions: OpenEdge AdminServer (affected versions not specified). Description: The OpenEdge AdminServer is susceptible to Remote Command Execution (RCE) via its Java RMI interface. Authenticated users can inject and execute OS commands under the delegated...
Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could potentially be exploited to bypass authentication protections. Tracked as CVE-2024-1403...
CVE-2024-1403
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...
Authentication flaw
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...
CVE-2024-1403 Authentication Bypass in OpenEdge Authentication Gateway and AdminServer
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...
CVE-2024-1403
CVE-2024-1403 affects Progress OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, and 12.8.1. The flaw is an authentication bypass caused by improper handling of credentials, where unexpected content can bypass authentication via the authorizeUser() flow that validates aga...
Progress Software OpenEdge Authentication Gateway Security Vulnerability
Progress Software OpenEdge Authentication Gateway is a Progress Software product for providing authentication services in OpenEdge environments. A security vulnerability exists in Progress Software OpenEdge Authentication Gateway that stems from the presence of an authentication bypass vulnerability...
PT-2024-2025
Name of the Vulnerable Software and Affected Versions: Progress OpenEdge Authentication Gateway versions prior to 11.7.19; Progress OpenEdge AdminServer versions prior to 11.7.19; Progress OpenEdge Authentication Gateway versions prior to 12.2.14; Progress OpenEdge AdminServer versions prior to...
PT-2023-16960 · Progress · Openedge Authentication Gateway +1
Name of the Vulnerable Software and Affected Versions: Weaver Xtreme Theme for WordPress versions up to and including 5.0.7; OpenEdge Authentication Gateway and AdminServer versions prior to 11.7.19, 12.2.14, and 12.8.1. Description: The issue concerns stored Cross-Site Scripting in the Weaver Xtre...
Security Bulletin: A Zookeeper Remote DoS vulnerability affects IBM BigInsights (CVE-2017-1213)
Summary: A security vulnerability has been identified in Open Source Zookeeper that affects IBM BigInsights IBM Open Platform with Apache Hadoop. Vulnerability Details: CVEID: CVE-2017-1213. DESCRIPTION: IBM BigInsights Zookeeper when accessed behind a firewall where Jetty AdminServer is not...