Vulnerability Monitor

CVE-2023-40051


This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.


Published: 2024-01-18T15:15:09.060

Last Modified: 2024-11-21T08:18:36.410

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 9.1 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-434
  • Type: Primary
    CWE-434

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | progress | openedge | < 11.7.18 | Yes |
| Application | progress | openedge | < 12.2.13 | Yes |
| Application | progress | openedge_innovation | < 12.8.0 | Yes |
