Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-2448

An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.

Published

2024-03-22T14:15:08.683

Last Modified

2025-02-11T17:39:30.057

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	progress	loadmaster	< 7.2.54.9	Yes
Application	progress	loadmaster	< 7.2.59.3	Yes
Application	progress	loadmaster	7.1.35.10	Yes
Application	progress	loadmaster	7.2.48.10	Yes

References

https://progress.com/loadmaster Broken Link ([email protected])
https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449 Release Notes ([email protected])
https://progress.com/loadmaster Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449 Release Notes (af854a3a-2127-422b-91ae-364da2661108)