Vulnerabilities > Progress > Openedge > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-18 | CVE-2023-40052 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Progress Openedge and Openedge Innovation This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. | 7.5 |
| 2023-06-23 | CVE-2023-34203 | Injection vulnerability in Progress Openedge, Openedge Explorer and Openedge Management In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. | 8.8 |
| 2022-05-02 | CVE-2022-29849 | Unspecified vulnerability in Progress Openedge 11.7/12.1 In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. | 7.8 |
| 2017-10-31 | CVE-2015-9245 | Improper Access Control vulnerability in Progress Openedge Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | 7.5 |
| 2007-06-29 | CVE-2007-3491 | Remote Security vulnerability in Progress Openedge 10.1A/10.1B/9.1E Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. | 7.5 |