CVE-2024-7345: Direct local client connections to MS Agents can bypass authentication
First published: Tue Sep 03 2024(Updated: )
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
Credit: security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Progress OpenEdge | <=11.7.18 | |
| Progress OpenEdge | >=12.0<=12.2.13 |
Remedy
Use the 12.8.0 or above LTS release where the vulnerability does not exist
Remedy
Use the 12.2 LTS release at the 12.2.14 Update level or above
Remedy
Use the 11.7 LTS release at the 11.7.19 Update level or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- vendor/progress
- canonical/progress openedge
- version/progress openedge/11.7.18
- version/progress openedge/12.0
- version/progress openedge/12.2.13