Vulnerabilities > Progress > Openedge > 12.0

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-7345 Code Injection vulnerability in Progress Openedge
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms.
low complexity
progress CWE-94
critical
9.6
2024-09-03 CVE-2024-7346 Improper Authentication vulnerability in Progress Openedge
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.
network
high complexity
progress CWE-287
4.8
2024-02-27 CVE-2024-1403 Unspecified vulnerability in Progress Openedge
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password.
network
low complexity
progress
critical
9.8
2023-06-23 CVE-2023-34203 Injection vulnerability in Progress Openedge, Openedge Explorer and Openedge Management
In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin.
network
low complexity
progress CWE-74
8.8