Vulnerability Details CVE-2024-1403
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The
vulnerability is a bypass to authentication based on a failure to properly
handle username and password. Certain unexpected
content passed into the credentials can lead to unauthorized access without proper
authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.064
EPSS Ranking 90.5%
CVSS Severity
CVSS v3 Score 10.0
References
- https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer
- https://www.progress.com/openedge
- https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer
- https://www.progress.com/openedge
Products affected by CVE-2024-1403
-
cpe:2.3:a:progress:openedge:-
-
cpe:2.3:a:progress:openedge:11.7.16
-
cpe:2.3:a:progress:openedge:11.7.18
-
cpe:2.3:a:progress:openedge:12.0
-
cpe:2.3:a:progress:openedge:12.2
-
cpe:2.3:a:progress:openedge:12.2.10
-
cpe:2.3:a:progress:openedge:12.2.11
-
cpe:2.3:a:progress:openedge:12.2.12
-
cpe:2.3:a:progress:openedge:12.2.13
-
cpe:2.3:a:progress:openedge:12.2.3
-
cpe:2.3:a:progress:openedge:12.2.4
-
cpe:2.3:a:progress:openedge:12.2.5
-
cpe:2.3:a:progress:openedge:12.2.6
-
cpe:2.3:a:progress:openedge:12.2.7
-
cpe:2.3:a:progress:openedge:12.2.8
-
cpe:2.3:a:progress:openedge:12.2.9
-
cpe:2.3:a:progress:openedge:12.3
-
cpe:2.3:a:progress:openedge:12.7
-
cpe:2.3:a:progress:openedge:12.8