CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score
Confidence: Low

SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total

An authentication bypass vulnerability has been identified in OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, and 12.8.1, on all platforms supported by the OpenEdge product. The bypass results from a failure to properly handle the username and password: certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.

[
  {
    "cpes": [
      "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*"
    ],
    "vendor": "progress",
    "product": "openedge",
    "versions": [
      {
        "status": "affected",
        "version": "11.7.0",
        "lessThan": "11.7.19",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "12.2.0",
        "lessThan": "12.2.14",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "12.8.0",
        "lessThan": "12.8.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  }
]