
136 matches found

CVE
added 2024/01/18 3:11 p.m. · 39 views

CVE-2023-40052

CVE-2023-40052 affects Progress Application Server (PAS) for OpenEdge. A malformed web request can crash a PASOE agent, potentially disrupting thread activities of multiple web application clients and causing DoS due to flooding of invalid requests. Affected versions are 11.7 < 11.7.18, 12.2

7.5 CVSS · 7.5 AI score · 0.0057 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/01/18 3:11 p.m. · 14 views

CVE-2023-40052 Progress Application Server (PAS) for OpenEdge Denial of Service

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities...

7.5 CVSS · 7.7 AI score · 0.0057 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/01/18 3:11 p.m. · 10 views

CVE-2023-40052 Progress Application Server (PAS) for OpenEdge Denial of Service

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities...

7.5 CVSS · 6.9 AI score · 0.0057 EPSS
Exploits 0 · References 2
Cvelist
added 2024/01/18 3:11 p.m. · 13 views

CVE-2023-40051 Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal

This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...

9.1 CVSS · 9.6 AI score · 0.00557 EPSS
Exploits 0 · References 2
CVE
added 2024/01/18 3:11 p.m. · 65 views

CVE-2023-40051

CVE-2023-40051 affects Progress Application Server (PAS) for OpenEdge. A WEB transport request can allow unintended file uploads to a server directory path on the PASOE host, potentially enabling a later attack if the uploaded payload is exploitable. Affected versions are 11.7 before 11.7.18, 12....

9.9 CVSS · 9.3 AI score · 0.00557 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2024/01/18 12:0 a.m. · 3 views

Progress Software OpenEdge Code Issue Vulnerability

Progress Software OpenEdge is a suite of integrated development environments IDEs from the US-based Progress Software. A security vulnerability exists in Progress Software OpenEdge version 11.7 through 11.7.18 and version 12.2 through 12.2.13. An attacker could exploit this vulnerability to...

9.9 CVSS · 6.7 AI score · 0.00557 EPSS
Exploits 0 · References 3
CNNVD
added 2024/01/18 12:0 a.m. · 2 views

Progress Software OpenEdge Buffer Error Vulnerability

Progress Software OpenEdge is a suite of integrated development environments IDEs from the US-based Progress Software. A security vulnerability exists in Progress Software OpenEdge versions 11.7 through 11.7.18 and 12.2 through 12.2.13. An attacker could exploit the vulnerability to cause the PAS...

7.5 CVSS · 6.6 AI score · 0.0057 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/01/18 12:0 a.m. · 4 views

PT-2024-12836 · Progress · Progress Application Server (Pas) For Openedge

Name of the Vulnerable Software and Affected Versions: Progress Application Server PAS for OpenEdge versions 11.7 prior to 11.7.18 Progress Application Server PAS for OpenEdge versions 12.2 prior to 12.2.13 Progress Application Server PAS for OpenEdge innovation releases prior to 12.8.0...

9.9 CVSS · 9.4 AI score · 0.00557 EPSS
Exploits 0 · References 11
OSV
added 2023/06/23 8:15 p.m. · 3 views

CVE-2023-34203

In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

8.8 CVSS · 5.8 AI score · 0.00794 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2023/06/23 8:15 p.m. · 2 views

CVE-2023-34203

In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

8.8 CVSS · 7.4 AI score · 0.00794 EPSS
Exploits 0 · References 2
NVD
added 2023/06/23 8:15 p.m. · 15 views

CVE-2023-34203

In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

8.8 CVSS · 8.9 AI score · 0.00794 EPSS
Exploits 0 · References 1
Prion
added 2023/06/23 8:15 p.m. · 13 views

Design/Logic Flaw

In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

6.5 CVSS · 8.8 AI score · 0.00794 EPSS
Exploits 0 · References 1 · Affected Software 3
CNNVD
added 2023/06/23 12:0 a.m. · 5 views

Progress OpenEdge Injection Vulnerability

Progress OpenEdge is an application. A security vulnerability exists in Progress OpenEdge LTS versions prior to 11.7.16, 12.x through 12.2.12, and 12.3.x through 12.6.x. The vulnerability stems from a URL injection attack that can be executed by a remote user to change identity or role membership...

8.8 CVSS · 8 AI score · 0.00794 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/06/23 12:0 a.m. · 8 views

CVE-2023-34203

In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

7.5 AI score · 0.00794 EPSS
Exploits 0 · References 1
Cvelist
added 2023/06/23 12:0 a.m. · 10 views

CVE-2023-34203

In Progress OpenEdge OEM OpenEdge Management and OEE OpenEdge Explorer before 12.7, a remote user who has any OEM or OEE role could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

9.1 AI score · 0.00794 EPSS
Exploits 0 · References 1
CVE
added 2023/06/23 12:0 a.m. · 42 views

CVE-2023-34203

CVE-2023-34203 affects Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer). A remote user who has any OEM or OEE role can perform a URL injection attack to change identity or role membership, enabling escalation to admin. Affected versions are: OpenEdge LTS before 11.7.16; Ope...

8.8 CVSS · 8.8 AI score · 0.00794 EPSS
Exploits 0 · References 1 · Affected Software 3
Positive Technologies
added 2023/06/23 12:0 a.m. · 4 views

PT-2023-24734 · Progress · Openedge

Name of the Vulnerable Software and Affected Versions: OpenEdge versions prior to 12.7 OpenEdge LTS versions prior to 11.7.16 OpenEdge 12.x versions prior to 12.2.12 OpenEdge 12.3.x through 12.6.x Description: A remote user with any OEM or OEE role could perform a URL injection attack to change...

8.8 CVSS · 8.8 AI score · 0.00794 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/06/09 12:0 a.m. · 7 views

PT-2023-16960 · Progress · Openedge Authentication Gateway +1

Name of the Vulnerable Software and Affected Versions: Weaver Xtreme Theme for WordPress versions up to and including 5.0.7 OpenEdge Authentication Gateway and AdminServer versions prior to 11.7.19, 12.2.14, and 12.8.1 Description: The issue concerns stored Cross-Site Scripting in the Weaver Xtre...

6.4 CVSS · 6.4 AI score · 0.00531 EPSS
Exploits 2 · References 6
ATTACKERKB
added 2022/05/02 12:15 a.m. · 3 views

CVE-2022-29849

In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system...

7.8 CVSS · 7.1 AI score · 0.00272 EPSS
Exploits 0 · References 5
OSV
added 2022/05/02 12:15 a.m. · 4 views

CVE-2022-29849

In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system...

7.8 CVSS · 7.1 AI score · 0.00272 EPSS
Exploits 0 · References 4