CRITICAL🇬🇧 English

CVE-2015-9245

CVSS 9.8v3.0pub. 2017-10-31upd. 2026-05-13

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Progress Openedge

    APP
    Progress
    10.2a10.2b10.2b0710.2b0811.011.111.211.311.411.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-1403CRITICAL10.0PL ✓ten sam produkt

Authentication bypass w Progress OpenEdge Authentication Gateway i AdminServer

CVE-2023-40051CRITICAL9.1PL ✓ten sam produkt

Dowolne przesyłanie plików w Progress Application Server dla OpenEdge (PASOE)

CVE-2024-7345HIGH8.3ten sam produkt

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized cod...

CVE-2024-7346HIGH7.2ten sam produkt

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are use...

CVE-2024-7654HIGH8.3ten sam produkt

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OE...