An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users. Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HProgress Openedge
APPProgress≤ 11.7.1912.2 – 12.2.1412.8 – 12.8.3 (bez)
Powiązane podatności
Authentication bypass w Progress OpenEdge Authentication Gateway i AdminServer
Dowolne przesyłanie plików w Progress Application Server dla OpenEdge (PASOE)
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote atta...
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized cod...
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are use...