
136 matches found

RedhatCVE
added 2025/02/05 5:15 a.m., 6 views

CVE-2024-1403

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...

CVSS: 10, AI score: 7.2, EPSS: 0.03272
Exploits: 1, References: 1
Tenable Nessus
added 2024/11/06 12:0 a.m., 3 views

Progress OpenEdge Installed (Linux)

Binary data progressopenedgenixinstalled.nbin...

AI score: 7.3
Exploits: 0, References: 1
OSV
added 2024/09/03 3:15 p.m., 1 view

CVE-2024-7654

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00277
Exploits: 0, References: 1
NVD
added 2024/09/03 3:15 p.m., 26 views

CVE-2024-7654

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other...

CVSS: 8.3, EPSS: 0.00277
Exploits: 0, References: 1
OSV
added 2024/09/03 3:15 p.m., 2 views

CVE-2024-7345

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms...

CVSS: 9.6, AI score: 5.8
Exploits: 0, References: 1
NVD
added 2024/09/03 3:15 p.m., 24 views

CVE-2024-7345

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms...

CVSS: 9.6, EPSS: 0.0059
Exploits: 0, References: 1
NVD
added 2024/09/03 3:15 p.m., 31 views

CVE-2024-7346

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...

CVSS: 7.2, EPSS: 0.00162
Exploits: 0, References: 1
OSV
added 2024/09/03 3:15 p.m., 1 view

CVE-2024-7346

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...

CVSS: 4.8, AI score: 5.7, EPSS: 0.00162
Exploits: 0, References: 1
Vulnrichment
added 2024/09/03 2:51 p.m., 11 views

CVE-2024-7346 Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...

CVSS: 7.2, AI score: 6.6, EPSS: 0.00162
Exploits: 0, References: 1
CVE
added 2024/09/03 2:51 p.m., 47 views

CVE-2024-7346

CVE-2024-7346 affects Progress OpenEdge: using the installed default TLS certificates allows bypassing host-name validation during TLS handshakes in network connections. The issue is fixed by requiring CA-signed certificates that contain sufficient information to support host-name validation; def...

CVSS: 7.2, AI score: 5.8, EPSS: 0.00162
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/09/03 2:51 p.m., 23 views

CVE-2024-7346 Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...

CVSS: 7.2, EPSS: 0.00162
Exploits: 0, References: 1
Cvelist
added 2024/09/03 2:50 p.m., 28 views

CVE-2024-7345 Direct local client connections to MS Agents can bypass authentication

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms...

CVSS: 8.3, EPSS: 0.0059
Exploits: 0, References: 1
CVE
added 2024/09/03 2:50 p.m., 61 views

CVE-2024-7345

CVE-2024-7345 involves a Local ABL Client bypassing PASOE security checks that can enable unauthorized code injection into OpenEdge Multi-Session Agents. Affected OpenEdge LTS platforms include versions up to 11.7.18 and 12.2.13 on all supported releases. Root cause: bypass of required PASOE secu...

CVSS: 9.6, AI score: 8.5, EPSS: 0.0059
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2024/09/03 2:50 p.m., 15 views

CVE-2024-7345 Direct local client connections to MS Agents can bypass authentication

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms...

CVSS: 8.3, AI score: 7.5, EPSS: 0.0059
Exploits: 0, References: 1
Vulnrichment
added 2024/09/03 2:48 p.m., 15 views

CVE-2024-7654 Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other...

CVSS: 8.3, AI score: 7.2, EPSS: 0.00277
Exploits: 0, References: 1
Cvelist
added 2024/09/03 2:48 p.m., 31 views

CVE-2024-7654 Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other...

CVSS: 8.3, EPSS: 0.00277
Exploits: 0, References: 1
CVE
added 2024/09/03 2:48 p.m., 49 views

CVE-2024-7654

The CVE affects Progress OpenEdge Management with OEE/OEM auto-discovery, where the ActiveMQ Discovery service was reachable by default. Unauthorized access to the discovery service’s UDP port allowed content injection into parts of the OEM web interface, enabling potential user deception. Public...

CVSS: 8.3, AI score: 7.3, EPSS: 0.00277
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2024/09/03 12:0 a.m., 2 views

Progress Software OpenEdge Security Vulnerability

Progress Software OpenEdge is a suite of integrated development environments (IDEs) from Progress Software, USA. A security vulnerability exists in Progress Software OpenEdge that originates from a hostname validation that allows bypassing TLS certificates...

CVSS: 7.2, AI score: 6.7, EPSS: 0.00162
Exploits: 0, References: 2
CNNVD
added 2024/09/03 12:0 a.m., 3 views

Progress Software OpenEdge Security Vulnerability

Progress Software OpenEdge is a suite of integrated development environments (IDEs) from Progress Software, USA. A security vulnerability exists in Progress Software OpenEdge versions 11.7.18 and 12.2.13. An attacker can exploit the vulnerability to inject unauthorized code into a multi-session age...

CVSS: 9.6, AI score: 6.9, EPSS: 0.0059
Exploits: 0, References: 2
CNNVD
added 2024/09/03 12:0 a.m., 2 views

Progress Software OpenEdge Security Vulnerability

Progress Software OpenEdge is a suite of integrated development environments (IDEs) from Progress Software, USA. A security vulnerability exists in Progress Software OpenEdge that stems from a default that allows access to the ActiveMQ Discovery service from the OpenEdge Management installation...

CVSS: 8.3, AI score: 6.7, EPSS: 0.00277
Exploits: 0, References: 2