CRITICAL🇵🇱 Wersja polska

CVE-2024-1403

CVSS 10.0v3.1pub. 2024-02-27upd. 2025-02-11

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.  

🤖 AI Analysis
How it works

The vulnerability results from improper handling of username and password during the authentication process. Passing unexpected content in authentication data fields causes an error in the verification logic, resulting in the bypass of access control mechanisms. As a result, an attacker can gain access to protected resources without providing valid credentials.

Impact

A remote unauthenticated attacker can gain unauthorized access to the system with potentially full privileges, threatening the confidentiality, integrity, and availability of protected data and services.

Mitigation & patch

The software must be updated immediately to version 11.7.19, 12.2.14, or 12.8.1 (depending on the branch in use). Detailed instructions are available in the official security bulletin from the vendor at the address indicated in the references.

Who is affected

Progress OpenEdge Authentication Gateway and AdminServer in all versions prior to 11.7.19, 12.2.14, and 12.8.1 on all platforms supported by the OpenEdge product.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Progress Openedge

    APP
    Progress
    < 11.7.1911.8 – 12.2.14 (bez)12.3 – 12.8.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-40051CRITICAL9.1PL ✓ten sam produkt

Dowolne przesyłanie plików w Progress Application Server dla OpenEdge (PASOE)

CVE-2015-9245CRITICAL9.8ten sam produkt

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote atta...

CVE-2024-7345HIGH8.3ten sam produkt

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized cod...

CVE-2024-7346HIGH7.2ten sam produkt

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are use...

CVE-2024-7654HIGH8.3ten sam produkt

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OE...