CVE-2023-40051: Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal
First published: Thu Jan 18 2024(Updated: )
This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.
Credit: security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress OpenEdge | >=11.7<11.7.18 | |
| Progress OpenEdge | >=12.2<12.2.13 | |
| Progress Openedge Innovation | <12.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/progress
- canonical/progress openedge
- version/progress openedge/11.7
- version/progress openedge/12.2
- canonical/progress openedge innovation