Openedge@* Security Vulnerabilities and Issues — Openedge@* CVE List

Lucene search

ProgressOpenedge*

8 matches found

CVE•added 2024/02/27 4:15 p.m.•242 views

CVE-2024-1403

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. Thevulnerability is a bypass to authentication based on a failure to properlyhandle username and passw...

10CVSS9.7AI score0.09156EPSS

CVE•added 2022/05/02 12:15 a.m.•52 views

CVE-2022-29849

In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.

7.8CVSS7.5AI score0.00011EPSS

CVE•added 2024/01/18 3:15 p.m.•47 views

CVE-2023-40051

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system r...

9.9CVSS9.3AI score0.00024EPSS

CVE•added 2024/09/03 3:15 p.m.•46 views

CVE-2024-7345

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms

9.6CVSS8.5AI score0.00372EPSS

CVE•added 2024/09/03 3:15 p.m.•39 views

CVE-2024-7346

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be ...

7.2CVSS5.8AI score0.00031EPSS

CVE•added 2024/09/03 3:15 p.m.•39 views

CVE-2024-7654

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other ty...

8.3CVSS7.3AI score0.00097EPSS

CVE•added 2023/06/23 8:15 p.m.•27 views

CVE-2023-34203

In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and...

8.8CVSS8.8AI score0.00693EPSS

CVE•added 2024/01/18 3:15 p.m.•25 views

CVE-2023-40052

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities...

7.5CVSS7.5AI score0.0003EPSS