CVE-2024-7345

Name of the Vulnerable Software and Affected Versions OpenEdge LTS versions prior to 11.7.18 OpenEdge LTS versions prior to 12.2.13

Description A Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms.

Recommendations For OpenEdge LTS versions prior to 11.7.18, update to a version later than 11.7.18 to resolve the issue. For OpenEdge LTS versions prior to 12.2.13, update to a version later than 12.2.13 to resolve the issue. As a temporary workaround, consider restricting access to the Multi-Session Agents until a patch is available.