3 matches found
CVE-2024-7345
CVE-2024-7345 involves a Local ABL Client bypassing PASOE security checks that can enable unauthorized code injection into OpenEdge Multi-Session Agents. Affected OpenEdge LTS platforms include versions up to 11.7.18 and 12.2.13 on all supported releases. Root cause: bypass of required PASOE secu...
CVE-2024-7346
CVE-2024-7346 affects Progress OpenEdge: using the installed default TLS certificates allows bypassing host-name validation during TLS handshakes in network connections. The issue is fixed by requiring CA-signed certificates that contain sufficient information to support host-name validation; def...
CVE-2023-34203
CVE-2023-34203 affects Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer). A remote user who has any OEM or OEE role can perform a URL injection attack to change identity or role membership, enabling escalation to admin. Affected versions are: OpenEdge LTS before 11.7.16; Ope...