Progress Software Corporation Openedge vulnerabilities
5 known vulnerabilities affecting progress_software_corporation/openedge.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3
Vulnerabilities
Page 1 of 1
CVE-2023-40051P2CRITICALCVSS 9.9≥ 11.7.0, < 11.7.18≥ 12.2.0, < 12.2.13+1 more2024-01-18
CVE-2023-40051 [CRITICAL] CWE-434 CVE-2023-40051: This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18,
This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload tha
nvd
CVE-2025-7388P2HIGHCVSS 8.4≥ OpenEdge 12.2.0, < 12.2.18≥ OpenEdge 12.8.0, < 12.8.82025-09-04
CVE-2025-7388 [HIGH] CWE-77 CVE-2025-7388: It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge Adm
It was possible to perform Remote Command Execution (RCE) via Java
RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and
execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration
property with inadequate input validation leading to OS command in
nvd
CVE-2025-8095P3CRITICALCVSS 9.1≥ 12.2.0, ≤ 12.2.18≥ 12.8.0, ≤ 12.8.92026-04-14
CVE-2025-8095 [CRITICAL] CWE-257 CVE-2025-8095: The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been
The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric
nvd
CVE-2025-7389P3HIGHCVSS 8.2≥ OpenEdge 12.2.0, ≤ 12.2.9≥ OpenEdge 12.8.0, ≤ 12.2.182026-04-14
CVE-2025-7389 [HIGH] CWE-552 CVE-2025-7389: A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authe
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server
through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read arbitrary files on the host system through the misuse of the
nvd
CVE-2023-40052P3HIGHCVSS 7.5≥ 11.7.0, < 11.7.18≥ 12.2.0, < 12.2.13+1 more2024-01-18
CVE-2023-40052 [HIGH] CWE-119 CVE-2023-40052: This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.
This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0
.
An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS
nvd