Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7345

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms

Published

2024-09-03T15:15:16.707

Last Modified

2024-09-05T14:11:00.493

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.3 (HIGH)

Weaknesses

Type: Secondary
CWE-94
Type: Primary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	progress	openedge	≤ 11.7.18	Yes
Application	progress	openedge	≤ 12.2.13	Yes

References

https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication Mitigation, Vendor Advisory ([email protected])