11 matches found
CVE-2024-3543
CVE-2024-3543 concerns Kemp LoadMaster components where a reversible password encryption method can be used to decrypt stored passwords. The underlying issue is that sensitive credentials can be decrypted by an attacker, enabling use of stolen credentials for arbitrary actions that could compromi...
CVE-2024-3544
CVE-2024-3544 concerns Kemp LoadMaster in HA/Cluster partner communications. The vulnerability allows unauthenticated attackers who share network access to the affected machine to perform actions using SSH private keys. Root cause is insufficient authentication between partners during communicati...
CVE-2024-56131
CVE-2024-56131 (and related CVEs 56132–56135) affect Progress LoadMaster and associated products, exposing OS command injection via improper input validation when an authenticated user interacts with the management interface. Affected versions include LoadMaster 7.2.55.0–7.2.60.1 (inclusive), 7.2...
CVE-2024-56135
Progress LoadMaster contains an Improper Input Validation vulnerability (CVE-2024-56135) affecting multiple LoadMaster versions from 7.2.48.12 and earlier, 7.2.49.0–7.2.54.12, and 7.2.55.0–7.2.60.1 (inclusive), with fixes in 7.2.54.13 (LTSF) and 7.2.61.0 (GA). The issue allows an authenticated us...
CVE-2024-2449
CVE-2024-2449 describes a cross-site request forgery in Kemp LoadMaster. An authenticated LoadMaster administrator, who knows the IP/hostname, can be lured to a malicious site where a CSRF payload issues HTTP transactions on behalf of the admin. The core impact is unauthorized actions performed i...
CVE-2024-2448
CVE-2024-2448 describes an OS command injection in Kemp/LoadMaster. An authenticated UI user with any permission level can inject commands into a UI component via a shell command, leading to possible OS command execution with high impact (confidentiality, integrity, availability all high). Affect...
CVE-2024-56134
Progress LoadMaster has a class of vulnerabilities described as Improper Input Validation for authenticated users, enabling OS command injection. Affected are LoadMaster releases 7.2.55.0–7.2.60.1 (inclusive), 7.2.49.0–7.2.54.12 (inclusive), 7.2.48.12 and earlier; Multi-Tenant LoadMaster 7.1.35.1...
CVE-2024-56132
The CVE-2024-56132 issue affects Progress LoadMaster and relates to improper input validation in the management interface, enabling potential OS command injection when an authenticated user sends crafted requests. The affected versions span LoadMaster 7.2.55.0–7.2.60.1 (inclusive), 7.2.49.0–7.2.5...
CVE-2024-56133
CVE-2024-56133 is a known issue in Progress LoadMaster involving improper input validation that enables an unauthenticated or authenticated user to trigger an OS command injection via the management interface. The vulnerability affects LoadMaster versions: 7.2.55.0–7.2.60.1 (inclusive) , 7.2.49.0...
CVE-2024-6658
CVE-2024-6658 is an Improper Input Validation vulnerability affecting Kemp LoadMaster products. The issue allows an authenticated user to trigger OS command injection due to improper input validation in LoadMaster’s exposed functionality. Affected versions include LoadMaster 7.2.55.0–7.2.60.0 (in...
CVE-2024-8755
CVE-2024-8755 is an Improper Input Validation vulnerability in Progress LoadMaster and Progress Multi-Tenant Hypervisor that allows OS Command Injection for authenticated users via the LoadMaster management interface. Affected: LoadMaster versions 7.2.55.0–7.2.60.1; 7.2.49.0–7.2.54.12; 7.2.48.12 ...