PT-2024-12836 · Progress · Progress Application Server (PAS) for OpenEdge

Published

2024-01-18

·

Updated

2024-01-26

·

CVE-2023-40051

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Progress Application Server (PAS) for OpenEdge 11.7 prior to 11.7.18
Progress Application Server (PAS) for OpenEdge 12.2 prior to 12.2.13
Progress Application Server (PAS) for OpenEdge innovation releases prior to 12.8.0

Description

An attacker who can send requests to the WEB transport of a PASOE instance can craft a request that causes a file to be written to a directory path on the server running PASOE, an upload the transport is not meant to permit. If the uploaded file carries a payload that can be executed or otherwise used against the server or its network, it can serve as the foothold for a larger attack. The CVSS vector rates the privilege required as low (PR:L) and the scope as changed (S:C), so a low-privileged caller of the WEB transport can cause impact beyond the PASOE component itself.

Recommendations

For Progress Application Server (PAS) for OpenEdge 11.7 prior to 11.7.18, update to 11.7.18 or later.
For Progress Application Server (PAS) for OpenEdge 12.2 prior to 12.2.13, update to 12.2.13 or later.
For Progress Application Server (PAS) for OpenEdge innovation releases prior to 12.8.0, update to 12.8.0 or later.
Until the update is applied, restrict access to the WEB transport (for example, to trusted networks or clients only) to reduce exposure. This is a mitigation, not a fix: an unpatched version remains vulnerable to any client that can still reach the transport.
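The affected ranges above span two long-term-support branches and a separate rule for innovation releases, which is easy to get wrong when triaging an estate by hand. The following Python helper is an added example, not part of this advisory or of any Progress tooling: it encodes the three ranges and classifies an installed PASOE version string against them. The names `parse_version`, `assess` and `Assessment` are chosen here, and the version strings in `main` are constructed for illustration rather than taken from a real installation.

```python
"""Triage helper for CVE-2023-40051 (PASOE unrestricted file upload).

Added example: encodes the affected ranges from the advisory and decides,
for an installed Progress Application Server for OpenEdge version string,
whether it falls inside one of them and which release it should move to.
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Long-term-support branches named in the advisory and their first fixed
# release: anything on the branch below that release is affected.
LTS_FIXES: Dict[Tuple[int, int], Version] = {
    (11, 7): (11, 7, 18),
    (12, 2): (12, 2, 13),
}
# Innovation releases (12.x branches other than 12.2): fixed in 12.8.0.
INNOVATION_FIX: Version = (12, 8, 0)

# Version strings may carry prose around them ("OpenEdge Release 12.2.12")
# or a fourth component; take the first major.minor[.patch] triple found.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


@dataclass(frozen=True)
class Assessment:
    version: str
    status: str                 # "affected", "fixed" or "not listed"
    update_to: Optional[str]    # first fixed release when status == "affected"


def parse_version(text: str) -> Version:
    """Extract (major, minor, patch) from a PASOE version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised PASOE version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version_text: str) -> Assessment:
    """Classify a version against the ranges in the advisory."""
    v = parse_version(version_text)
    major, minor, _ = v
    if (major, minor) in LTS_FIXES:
        fixed = LTS_FIXES[(major, minor)]
    elif major == 12:
        # Any 12.x branch that is not 12.2 is an innovation release.
        fixed = INNOVATION_FIX
    else:
        # Versions the advisory does not mention (e.g. 11.6) cannot be
        # declared safe by it; report them separately rather than as fixed.
        return Assessment(version_text, "not listed", None)
    if v < fixed:
        return Assessment(version_text, "affected", ".".join(map(str, fixed)))
    return Assessment(version_text, "fixed", None)


if __name__ == "__main__":
    # Constructed sample inputs, not output from a real installation.
    for sample in ("11.7.17", "11.7.18", "12.2.12", "OpenEdge Release 12.2.13",
                   "12.7.0", "12.8.1", "11.6.3"):
        a = assess(sample)
        target = f", update to {a.update_to}" if a.update_to else ""
        print(f"{sample:28} -> {a.status}{target}")
```

Versions the advisory does not cover are reported as "not listed" rather than "fixed" on purpose: an older 11.x build that is out of the stated ranges has not been declared safe, only unaddressed, and should be escalated rather than closed.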

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2023-40051

Affected Products

Progress Application Server (PAS) for OpenEdge