PT-2024-2025 · Progress · Openedge Authentication Gateway

Published: 2024-02-27 · Updated: 2025-09-09 · CVE-2024-1403

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenEdge Authentication Gateway and AdminServer versions prior to 11.7.19, 12.2.14, 12.8.1

Description: The issue is an authentication bypass vulnerability caused by improper handling of the username and password. Certain unexpected content passed in the credentials can lead to unauthorized access without proper authentication. This allows an attacker to gain unauthorized access to various OpenEdge components, including sensitive databases. It is estimated that over 7,500 services are potentially affected. A proof-of-concept exploit has been released, and users are advised to update to supported versions as soon as possible.

Recommendations: To resolve the issue, update OpenEdge Authentication Gateway and AdminServer to version 11.7.19, 12.2.14, or 12.8.1, whichever corresponds to the affected release line. As a temporary workaround, restrict access to the vulnerable components until the patch is applied. Additionally, enable automatic software updates, use strong passwords and two-factor authentication, and exercise caution when working online. Back up data regularly and do not ignore updates.

Exploit · Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: BDU:2024-01890, CVE-2024-1403

Affected Products: Server Admin, Openedge Authentication Gateway