Progress Openedge
6 CVEs affecting Progress Openedge. Latest disclosed: 2024-09-03. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-1403 | Critical | 10.0 | 2024-02-27 | In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypa… |
CVE-2015-9245 | Critical | 9.8 | 2017-10-31 | Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to loa… |
CVE-2024-7345 | High | 8.3 | 2024-09-03 | Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supporte… |
CVE-2024-7654 | High | 8.3 | 2024-09-03 | An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthor… |
CVE-2024-7346 | High | 7.2 | 2024-09-03 | Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked co… |
CVE-2014-8555 | | 2014-11-12 | Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (d… |