CVE-2023-40051

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.
Configurations

Configuration 1

OR cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:18

| Type | Values Removed | Values Added |
|---|---|---|
| References | https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport - Vendor Advisory | https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport - Vendor Advisory |
| References | https://www.progress.com/openedge - Product | https://www.progress.com/openedge - Product |
| CVSS | v2 : unknown; v3 : 9.9 | v2 : unknown; v3 : 9.1 |

26 Jan 2024, 15:25

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Progress openedge; Progress; Progress openedge Innovation |
| References | https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport - | https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport - Vendor Advisory |
| References | https://www.progress.com/openedge - | https://www.progress.com/openedge - Product |
| CWE | | CWE-434 |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 9.9 |
| CPE | | cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*; cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:* |

18 Jan 2024, 15:50

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2024-01-18 15:15

Updated : 2024-11-21 08:18


NVD link : CVE-2023-40051

Mitre link : CVE-2023-40051

CVE.ORG link : CVE-2023-40051


Products Affected

progress

  • openedge
  • openedge_innovation

CWE

CWE-434: Unrestricted Upload of File with Dangerous Type