First published: Thu Jan 18 2024(Updated: )
This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.
Credit: security@progress.com
Affected Software | Affected Version | How to fix |
---|---|---|
Progress OpenEdge | >=11.7<11.7.18 | |
Progress OpenEdge | >=12.2<12.2.13 | |
Progress Openedge Innovation | <12.8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.