CVE-2024-1403

EPSS 16.57%
Veröffentlicht 27.02.2024 16:15:45
Zuletzt bearbeitet 11.02.2025 17:40:59
Quelle security@progress.com
CVE-Watchlists
Login
Unerledigt
Login

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The
vulnerability is a bypass to authentication based on a failure to properly
handle username and password.  Certain unexpected
content passed into the credentials can lead to unauthorized access without proper
authentication.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Progress ≫ Openedge SwEditionlts Version < 11.7.19

Progress ≫ Openedge SwEditionlts Version >= 11.8 < 12.2.14

Progress ≫ Openedge SwEditionlts Version >= 12.3 < 12.8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	16.57%	0.946

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@progress.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

https://www.progress.com/openedge

Product

https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-1403

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1403

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1403

EUVD