ProgressSoftwareVULNRICHMENT:CVE-2024-7345CVE-2024-7345 Direct local client connections to MS Agents can bypass authentication
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
17.9%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*"
],
"vendor": "progress",
"product": "openedge",
"versions": [
{
"status": "affected",
"version": "11.7.0",
"versionType": "custom",
"lessThanOrEqual": "11.7.19"
},
{
"status": "affected",
"version": "12.2.0",
"versionType": "custom",
"lessThanOrEqual": "12.2.14"
},
{
"status": "unaffected",
"version": "12.8.0"
}
],
"defaultStatus": "affected"
}
]
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
17.9%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total