Vulnerability Details CVE-2023-40051
This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.9%
CVSS Severity
CVSS v3 Score 9.1
References
- https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport
- https://www.progress.com/openedge
- https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport
- https://www.progress.com/openedge
Products affected by CVE-2023-40051
-
cpe:2.3:a:progress:openedge:11.7
-
cpe:2.3:a:progress:openedge:11.7.16
-
cpe:2.3:a:progress:openedge:12.2
-
cpe:2.3:a:progress:openedge:12.2.10
-
cpe:2.3:a:progress:openedge:12.2.11
-
cpe:2.3:a:progress:openedge:12.2.12
-
cpe:2.3:a:progress:openedge:12.2.3
-
cpe:2.3:a:progress:openedge:12.2.4
-
cpe:2.3:a:progress:openedge:12.2.5
-
cpe:2.3:a:progress:openedge:12.2.6
-
cpe:2.3:a:progress:openedge:12.2.7
-
cpe:2.3:a:progress:openedge:12.2.8
-
cpe:2.3:a:progress:openedge:12.2.9
-
cpe:2.3:a:progress:openedge_innovation:*