Lucene search: ProgressOpenedge

12 matches found

CVE, added 2017/10/31 7:00 a.m., 301 views

CVE-2015-9245

Progress Software OpenEdge 10.2x and 11.x are affected by CVE-2015-9245 due to an insecure default configuration. The vulnerability allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes through port 20931. This is rooted in the def...

CVSS 9.8, AI score 9.5, EPSS 0.01856

CVE, added 2024/02/27 3:39 p.m., 264 views

CVE-2024-1403

CVE-2024-1403 affects Progress OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, and 12.8.1. The flaw is an authentication bypass caused by improper handling of credentials, where unexpected content can bypass authentication via the authorizeUser() flow that validates aga...

CVSS 10, AI score 9.7, EPSS 0.03272

CVE, added 2022/05/01 11:23 p.m., 65 views

CVE-2022-29849

CVE-2022-29849 affects Progress OpenEdge; vulnerable in OpenEdge versions before 11.7.14 and 12.x before 12.2.9 due to privilege-escalation risk from certain SUID binaries. Local attackers could elevate privileges on the affected system. Remediation: upgrade to OpenEdge 11.7.14 or later, or 12.2....

CVSS 7.8, AI score 7.5, EPSS 0.00272

CVE, added 2024/01/18 3:11 p.m., 65 views

CVE-2023-40051

CVE-2023-40051 affects Progress Application Server (PAS) for OpenEdge. A WEB transport request can allow unintended file uploads to a server directory path on the PASOE host, potentially enabling a later attack if the uploaded payload is exploitable. Affected versions are 11.7 before 11.7.18, 12....

CVSS 9.9, AI score 9.3, EPSS 0.00557

CVE, added 2024/09/03 2:50 p.m., 61 views

CVE-2024-7345

CVE-2024-7345 involves a Local ABL Client bypassing PASOE security checks that can enable unauthorized code injection into OpenEdge Multi-Session Agents. Affected OpenEdge LTS platforms include versions up to 11.7.18 and 12.2.13 on all supported releases. Root cause: bypass of required PASOE secu...

CVSS 9.6, AI score 8.5, EPSS 0.0059

CVE, added 2007/07/15 9:00 p.m., 56 views

CVE-2007-2417

CVE-2007-2417 concerns a heap-based overflow in Progress OpenEdge’s Progress server component _mprosrv.exe. The vulnerability affects Progress OpenEdge 9.1E and 10.1x (via the Progress server) and can be triggered by crafted TCP packets received on the server, leading to potential remote code exe...

CVSS 10, AI score 8.1, EPSS 0.16199

CVE, added 2024/09/03 2:48 p.m., 49 views

CVE-2024-7654

The CVE affects Progress OpenEdge Management with OEE/OEM auto-discovery, where the ActiveMQ Discovery service was reachable by default. Unauthorized access to the discovery service’s UDP port allowed content injection into parts of the OEM web interface, enabling potential user deception. Public...

CVSS 8.3, AI score 7.3, EPSS 0.00277

CVE, added 2014/11/12 4:00 p.m., 48 views

CVE-2014-8555

CVE-2014-8555: A directory traversal in Progress OpenEdge 11.2’s report/reportViewAction.jsp allows remote attackers to read arbitrary files by manipulating the selection parameter with dot-dot sequences. Public exploit references (Exploits/35127, PacketStorm) describe requesting URLs like repor...

CVSS 5, AI score 6.8, EPSS 0.07453
Web
CVE, added 2024/09/03 2:51 p.m., 47 views

CVE-2024-7346

CVE-2024-7346 affects Progress OpenEdge: using the installed default TLS certificates allows bypassing host-name validation during TLS handshakes in network connections. The issue is fixed by requiring CA-signed certificates that contain sufficient information to support host-name validation; def...

CVSS 7.2, AI score 5.8, EPSS 0.00162

CVE, added 2007/06/29 6:00 p.m., 44 views

CVE-2007-3491

CVE-2007-3491 concerns a buffer overflow in Progress OpenEdge’s _mprosrv (before 9.1E0422 and before 10.1B01 for 10.x) that can be triggered by a malformed TCP/IP message. The available documents identify the affected component (_mprosrv.exe) and the vulnerable versions, with a remote-access vec...

CVSS 7.5, AI score 7, EPSS 0.02517

CVE, added 2023/06/23 12:00 a.m., 42 views

CVE-2023-34203

CVE-2023-34203 affects Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer). A remote user who has any OEM or OEE role can perform a URL injection attack to change identity or role membership, enabling escalation to admin. Affected versions are: OpenEdge LTS before 11.7.16; Ope...

CVSS 8.8, AI score 8.8, EPSS 0.00794

CVE, added 2024/01/18 3:11 p.m., 39 views

CVE-2023-40052

CVE-2023-40052 affects Progress Application Server (PAS) for OpenEdge. A malformed web request can crash a PASOE agent, potentially disrupting thread activities of multiple web application clients and causing DoS due to flooding of invalid requests. Affected versions are 11.7 < 11.7.18, 12.2

CVSS 7.5, AI score 7.5, EPSS 0.0057