Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-2449

A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.

Published

2024-03-22T14:15:09.210

Last Modified

2025-02-10T19:33:51.660

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-352
Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	progress	loadmaster	< 7.2.54.9	Yes
Application	progress	loadmaster	< 7.2.59.3	Yes
Application	progress	loadmaster	7.1.35.10	Yes
Application	progress	loadmaster	7.2.48.10	Yes

References

https://progress.com/loadmaster Broken Link ([email protected])
https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449 Vendor Advisory ([email protected])
https://progress.com/loadmaster Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)