4 matches found
CVE-2022-29849
CVE-2022-29849 affects Progress OpenEdge; vulnerable in OpenEdge versions before 11.7.14 and 12.x before 12.2.9 due to privilege-escalation risk from certain SUID binaries. Local attackers could elevate privileges on the affected system. Remediation: upgrade to OpenEdge 11.7.14 or later, or 12.2....
CVE-2024-7346
CVE-2024-7346 affects Progress OpenEdge: using the installed default TLS certificates allows bypassing host-name validation during TLS handshakes in network connections. The issue is fixed by requiring CA-signed certificates that contain sufficient information to support host-name validation; def...
CVE-2007-3491
CVE-2007-3491 concerns a buffer overflow in Progress OpenEdge’s _mprosrv (before 9.1E0422 and before 10.1B01 for 10.x) that can be triggered by a malformed TCP/IP message. The available documents identify the affected component (_mprosrv.exe) and the vulnerable versions, with an remote-access vec...
CVE-2023-40052
CVE-2023-40052 affects Progress Application Server (PAS) for OpenEdge. A malformed web request can crash a PASOE agent, potentially disrupting thread activities of multiple web application clients and causing DoS due to flooding of invalid requests. Affected versions are 11.7 < 11.7.18, 12.2