What is the severity of CVE-2015-9245?

CVE-2015-9245 is rated as a high severity vulnerability due to the potential for unauthenticated remote code execution.

How do I fix CVE-2015-9245?

To fix CVE-2015-9245, configure the Progress OpenEdge to disable the insecure Java RMI settings and restrict URL class loading.

Which products are affected by CVE-2015-9245?

CVE-2015-9245 affects Progress Software OpenEdge versions 10.2a, 10.2b, and all versions from 11.0 to 11.5.

Can CVE-2015-9245 be exploited remotely?

Yes, CVE-2015-9245 can be exploited remotely by attackers to load and execute malicious Java classes.

Is CVE-2015-9245 related to Java security?

Yes, CVE-2015-9245 is related to Java security as it involves the insecure configuration of Java RMI class loading.

Vulnerability/
CVE-2015-9245

critical

9.8

CWE

284

31/10/2017

6/8/2024

CVE-2015-9245

First published: Tue Oct 31 2017(Updated: )

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Progress OpenEdge Explorer	=10.2a
Progress OpenEdge Explorer	=10.2b
Progress OpenEdge Explorer	=10.2b07
Progress OpenEdge Explorer	=10.2b08
Progress OpenEdge Explorer	=11.0
Progress OpenEdge Explorer	=11.1
Progress OpenEdge Explorer	=11.2
Progress OpenEdge Explorer	=11.3
Progress OpenEdge Explorer	=11.4
Progress OpenEdge Explorer	=11.5

Never miss a vulnerability like this again

Reference Links

https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer

Frequently Asked Questions

What is the severity of CVE-2015-9245?
CVE-2015-9245 is rated as a high severity vulnerability due to the potential for unauthenticated remote code execution.
How do I fix CVE-2015-9245?
To fix CVE-2015-9245, configure the Progress OpenEdge to disable the insecure Java RMI settings and restrict URL class loading.
Which products are affected by CVE-2015-9245?
CVE-2015-9245 affects Progress Software OpenEdge versions 10.2a, 10.2b, and all versions from 11.0 to 11.5.
Can CVE-2015-9245 be exploited remotely?
Yes, CVE-2015-9245 can be exploited remotely by attackers to load and execute malicious Java classes.
Is CVE-2015-9245 related to Java security?
Yes, CVE-2015-9245 is related to Java security as it involves the insecure configuration of Java RMI class loading.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/references
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/progress
canonical/progress openedge explorer
version/progress openedge explorer/10.2a
version/progress openedge explorer/10.2b
version/progress openedge explorer/10.2b07
version/progress openedge explorer/10.2b08
version/progress openedge explorer/11.0
version/progress openedge explorer/11.1
version/progress openedge explorer/11.2
version/progress openedge explorer/11.3
version/progress openedge explorer/11.4
version/progress openedge explorer/11.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.