Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
References
Link | Resource |
---|---|
https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Sep 2024, 14:11
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
Summary |
|
|
First Time |
Progress
Progress openedge |
|
References | () https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication - Mitigation, Vendor Advisory | |
CPE | cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:* |
03 Sep 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-03 15:15
Updated : 2024-09-05 14:11
NVD link : CVE-2024-7345
Mitre link : CVE-2024-7345
CVE.ORG link : CVE-2024-7345
JSON object : View
Products Affected
progress
- openedge
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')