HIGH🇵🇱 Wersja polska

CVE-2024-7346

CVSS 7.2v3.1pub. 2024-09-03upd. 2024-09-05

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection.  This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security.  The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
  • Progress Openedge

    APP
    Progress
    ≤ 11.7.1912.0 – 12.2.14
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-1403CRITICAL10.0PL ✓ten sam produkt

Authentication bypass w Progress OpenEdge Authentication Gateway i AdminServer

CVE-2023-40051CRITICAL9.1PL ✓ten sam produkt

Dowolne przesyłanie plików w Progress Application Server dla OpenEdge (PASOE)

CVE-2015-9245CRITICAL9.8ten sam produkt

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote atta...

CVE-2024-7345HIGH8.3ten sam produkt

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized cod...

CVE-2024-7654HIGH8.3ten sam produkt

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OE...