In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.
References
Link | Resource |
---|---|
https://www.progress.com/openedge | Product |
History
05 Jul 2023, 13:29
Type | Values Removed | Values Added |
---|---|---|
First Time | Progress openedge Progress Progress openedge Explorer Progress openedge Management | |
CPE | cpe:2.3:a:progress:openedge_explorer:*:*:*:*:*:*:*:* cpe:2.3:a:progress:openedge_management:*:*:*:*:*:*:*:* cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:* | |
References | (MISC) https://www.progress.com/openedge - Product | |
CWE | CWE-74 | |
CVSS | v2 : v3 : | v2 : unknown v3 : 8.8 |
23 Jun 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2023-06-23 20:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-34203
Mitre link : CVE-2023-34203
CVE.ORG link : CVE-2023-34203
Products Affected
progress
- openedge_explorer
- openedge_management
- openedge
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')