CVE-2024-7345

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms.

Configurations

Configuration 1

OR cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*

History

05 Sep 2024, 14:11

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : 8.3 | v2 : unknown, v3 : 9.6
Summary | | (es) Local ABL client bypass of the required PASOE security checks may allow an attacker to carry out unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
First Time | | Progress; Progress openedge
References | () https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication - | () https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication - Mitigation, Vendor Advisory
CPE | | cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*

03 Sep 2024, 15:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-09-03 15:15

Updated : 2024-09-05 14:11


NVD link : CVE-2024-7345

Mitre link : CVE-2024-7345

CVE.ORG link : CVE-2024-7345


Products Affected

progress

  • openedge

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')