PT-2023-24734 · Progress · Openedge
Published
2023-06-23
·
Updated
2023-07-05
·
CVE-2023-34203
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenEdge versions prior to 12.7
OpenEdge LTS versions prior to 11.7.16
OpenEdge 12.x versions prior to 12.2.12
OpenEdge 12.3.x through 12.6.x
Description
A remote user with any OEM or OEE role could perform a URL injection attack to change identity or role membership, potentially escalating to admin.
Recommendations
For OpenEdge versions prior to 12.7, update to version 12.7 or later.
For OpenEdge LTS versions prior to 11.7.16, update to version 11.7.16 or later.
For OpenEdge 12.x versions prior to 12.2.12, update to version 12.2.12 or later.
For OpenEdge 12.3.x through 12.6.x, update to version 12.7 or later.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openedge