CVE-2024-1403

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.

Data is provided by the National Vulnerability Database (NVD)
Progress Openedge, SwEdition lts, Version < 11.7.19
Progress Openedge, SwEdition lts, Version >= 11.8 < 12.2.14
Progress Openedge, SwEdition lts, Version >= 12.3 < 12.8.1
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 16.57% 0.946
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@progress.com 10 3.9 6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.