
136 matches found

Positive Technologies
added 2024/09/03 12:0 a.m. · 3 views

PT-2024-38482 · Progress +1 · Openedge Management +1

Name of the Vulnerable Software and Affected Versions: OpenEdge Management versions prior to 12.8.1 Description: The issue concerns an ActiveMQ Discovery service that was reachable by default from an OpenEdge Management installation when the OEE/OEM auto-discovery feature was activated...

CVSS 8.3 · AI score 7.5 · EPSS 0.00277
Exploits 0 · References 10

Positive Technologies
added 2024/09/03 12:0 a.m. · 2 views

PT-2024-38279 · Progress · Openedge

Name of the Vulnerable Software and Affected Versions: OpenEdge affected versions not specified Description: The issue concerns the bypassing of host name validation for TLS certificates when using the installed OpenEdge default certificates to perform the TLS handshake for a networked connection...

CVSS 7.2 · AI score 7 · EPSS 0.00162
Exploits 0 · References 8

Positive Technologies
added 2024/09/03 12:0 a.m. · 2 views

PT-2024-38278 · Progress · Openedge

Name of the Vulnerable Software and Affected Versions: OpenEdge LTS versions prior to 11.7.18 OpenEdge LTS versions prior to 12.2.13 Description: A Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents o...

CVSS 9.6 · AI score 7.8 · EPSS 0.0059
Exploits 0 · References 9

Tenable Nessus
added 2024/03/15 12:0 a.m. · 47 views

Progress OpenEdge 11.7.x < 11.7.19 / 12.2.x < 12.2.13 / 12.8.x < 12.8.1 (000253075)

The version of Progress OpenEdge installed on the remote host is prior to 11.7.19, 12.2.13, or 12.8.1. It is, therefore, affected by a vulnerability as referenced in the 000253075 advisory. - In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms...

CVSS 10 · AI score 8.5 · EPSS 0.03272
Exploits 1 · References 2

Tenable Nessus
added 2024/03/13 12:0 a.m. · 9 views

Progress OpenEdge Installed (Windows)

Binary data progressopenedgewininstalled.nbin...

AI score 7.3
Exploits 0 · References 1

BDU FSTEC
added 2024/03/12 12:0 a.m. · 4 views

The vulnerability of the software for managing OpenEdge Authentication Gateway lies in its ability to bypass authentication due to a fundamental error, allowing attackers to elevate their privileges.

The vulnerability of the software for managing OpenEdge Authentication Gateway lies in the ability to bypass authentication due to a fundamental error. Exploiting this vulnerability could allow an attacker, operating remotely, to increase their privileges...

CVSS 10 · AI score 8 · EPSS 0.03272
Exploits 1 · References 3 · Affected Software 1

The Hacker News
added 2024/03/11 6:28 a.m. · 52 views

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403...

CVSS 10 · AI score 8.2 · EPSS 0.03272
Exploits 1

GithubExploit
added 2024/03/06 3:27 p.m. · 488 views

Exploit for Authentication Bypass by Primary Weakness in Progress Openedge

CVE-2024-1403 Progress OpenEdge Authentication Bypass An explo...

CVSS 10 · AI score 9.7 · EPSS 0.03272
Exploits 1

EUVD
added 2024/02/27 6:31 p.m. · 3 views

EUVD-2024-17158

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...

CVSS 10 · AI score 9.6 · EPSS 0.03272
Exploits 1 · References 3

OSV
added 2024/02/27 4:15 p.m. · 4 views

CVE-2024-1403

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...

CVSS 9.8 · AI score 5.7 · EPSS 0.03272
Exploits 1 · References 2

NVD
added 2024/02/27 4:15 p.m. · 27 views

CVE-2024-1403

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...

CVSS 10 · AI score 9.8 · EPSS 0.03272
Exploits 1 · References 2

Prion
added 2024/02/27 4:15 p.m. · 27 views

Authentication flaw

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...

CVSS 7.5 · AI score 7.5 · EPSS 0.03272
Exploits 1 · References 2

Cvelist
added 2024/02/27 3:39 p.m. · 27 views

CVE-2024-1403 Authentication Bypass in OpenEdge Authentication Gateway and AdminServer

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...

CVSS 10 · AI score 9.9 · EPSS 0.03272
Exploits 1 · References 2

Vulnrichment
added 2024/02/27 3:39 p.m. · 32 views

CVE-2024-1403 Authentication Bypass in OpenEdge Authentication Gateway and AdminServer

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and...

CVSS 10 · AI score 7.2 · EPSS 0.03272
Exploits 1 · References 2

CVE
added 2024/02/27 3:39 p.m. · 264 views

CVE-2024-1403

CVE-2024-1403 affects Progress OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, and 12.8.1. The flaw is an authentication bypass caused by improper handling of credentials, where unexpected content can bypass authentication via the authorizeUser() flow that validates aga...

CVSS 10 · AI score 9.7 · EPSS 0.03272
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2024/02/27 12:0 a.m. · 2 views

Progress Software OpenEdge Authentication Gateway Security Vulnerability

Progress Software OpenEdge Authentication Gateway is a Progress Software for providing authentication services in OpenEdge environments. A security vulnerability exists in Progress Software OpenEdge Authentication Gateway that stems from the presence of an authentication bypass vulnerability...

CVSS 10 · AI score 6.9 · EPSS 0.03272
Exploits 1 · References 3

Positive Technologies
added 2024/02/27 12:0 a.m. · 3 views

PT-2024-2025

Name of the Vulnerable Software and Affected Versions: Progress OpenEdge Authentication Gateway versions prior to 11.7.19 Progress OpenEdge AdminServer versions prior to 11.7.19 Progress OpenEdge Authentication Gateway versions prior to 12.2.14 Progress OpenEdge AdminServer versions prior to...

CVSS 10 · AI score 9.1 · EPSS 0.03272
Exploits 1 · References 52

OSV
added 2024/01/18 3:15 p.m. · 2 views

CVE-2023-40052

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities...

CVSS 7.5 · AI score 5.8 · EPSS 0.0057
Exploits 0 · References 2

OSV
added 2024/01/18 3:15 p.m. · 3 views

CVE-2023-40051

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...

CVSS 9.9 · AI score 5.8 · EPSS 0.00557
Exploits 0 · References 2

Prion
added 2024/01/18 3:15 p.m. · 20 views

Code injection

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities...

CVSS 5 · AI score 7.1 · EPSS 0.0057
Exploits 0 · References 2 · Affected Software 2