CRITICAL🇵🇱 Wersja polska

CVE-2023-40051

CVSS 9.1v3.1pub. 2024-01-18upd. 2024-11-21

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
  • Progress Openedge

    APP
    Progress
    11.7 – 11.7.18 (bez)12.2 – 12.2.13 (bez)
  • Progress Openedge Innovation

    APP
    Progress
    < 12.8.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-1403CRITICAL10.0PL ✓ten sam produkt

Authentication bypass w Progress OpenEdge Authentication Gateway i AdminServer

CVE-2015-9245CRITICAL9.8ten sam produkt

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote atta...

CVE-2024-7345HIGH8.3ten sam produkt

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized cod...

CVE-2024-7346HIGH7.2ten sam produkt

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are use...

CVE-2024-7654HIGH8.3ten sam produkt

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OE...