CVE-2024-1403
published 2024-02-27
Priority P2 70 | critical | 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.27% (86.9th percentile)
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.
Affected: 6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | openedge | < 11.7.19 | 11.7.19 |
| progress | openedge | >= 11.7.0 < 11.7.19 | 11.7.19 |
| progress | openedge | >= 11.8 < 12.2.14 | 12.2.14 |
| progress | openedge | >= 12.2.0 < 12.2.14 | 12.2.14 |
| progress | openedge | >= 12.3 < 12.8.1 | 12.8.1 |
| progress | openedge | >= 12.8.0 < 12.8.1 | 12.8.1 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer
https://www.progress.com/openedge
Published: 2024-02-27