This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.
References
Configurations
History
26 Jan 2024, 15:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:* cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:* |
|
First Time |
Progress openedge
Progress Progress openedge Innovation |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
References | () https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport - Vendor Advisory | |
References | () https://www.progress.com/openedge - Product | |
CWE | CWE-434 |
18 Jan 2024, 15:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-18 15:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-40051
Mitre link : CVE-2023-40051
CVE.ORG link : CVE-2023-40051
JSON object : View
Products Affected
progress
- openedge_innovation
- openedge
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type