PT-2024-38279 · Progress · OpenEdge

Published

2024-09-03

·

Updated

2024-09-05

·

CVE-2024-7346

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

OpenEdge (affected versions not specified)
Description

The vulnerability is a bypass of host name validation for TLS certificates when the installed OpenEdge default certificates are used for the TLS handshake of a networked connection: with those certificates in place, a client could complete the handshake without confirming that the certificate actually binds the host it connected to. This has been corrected so that default certificates can no longer override host name validation. To obtain full TLS certificate validation, the existing default certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the information needed for host name validation (a Subject Alternative Name entry matching the server's host name).
Recommendations

Replace the existing default certificates with CA-signed certificates from a recognized certificate authority that contain the information needed for host name validation. Until that replacement is done, restrict the use of the default certificates for TLS handshakes, and do not use them for any network connection that requires full TLS certificate validation.
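As an added example (not Progress or OpenEdge code, and not tied to any OpenEdge API), the following Python shows what "host name validation" in the description and recommendations above amounts to on the client side: a certificate is accepted only if a Subject Alternative Name binds the host being connected to, a client context is configured so that OpenSSL enforces that check, and the weak setting that the fix removes is shown for contrast. The helper names and the two sample certificates are constructed for illustration; `check_endpoint` is the only part that touches the network and is not needed for the offline checks.

```python
"""Host name validation of a server certificate, as an added illustration of the
behaviour the advisory describes. Not Progress/OpenEdge code; the helper names and
sample certificates below are constructed for this example."""
import socket
import ssl

# Constructed sample certificates, in the dict layout ssl.SSLSocket.getpeercert() returns.
# A vendor "default" certificate typically carries only a generic subject and no
# Subject Alternative Name, so it cannot bind any host name.
DEFAULT_STYLE_CERT = {
    "subject": ((("commonName", "default-cert"),),),
}
# A CA-signed certificate issued for one host plus a wildcard for one internal zone.
CA_SIGNED_CERT = {
    "subject": ((("commonName", "db.example.com"),),),
    "subjectAltName": (("DNS", "db.example.com"), ("DNS", "*.internal.example.com")),
}


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison: case-insensitive; a wildcard is accepted only as the
    entire left-most label, matches exactly one label, and never covers a bare suffix."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def san_dns_names(cert: dict) -> list:
    """dNSName entries of the certificate's Subject Alternative Name (empty if none)."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True only if a SAN dNSName binds the host name. The commonName is deliberately
    not consulted: modern validators ignore it, so a certificate without SAN fails."""
    return any(dns_name_matches(name, hostname) for name in san_dns_names(cert))


def strict_client_context(cafile=None) -> ssl.SSLContext:
    """Client settings that enforce chain and host name validation (the corrected behaviour)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def permissive_client_context() -> ssl.SSLContext:
    """The weak setting the fix removes: host name validation switched off. Shown only
    for contrast; never use it for a connection that needs full certificate validation."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def is_strict(ctx: ssl.SSLContext) -> bool:
    """Quick audit of a context: both host name checking and chain verification must be on."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def check_endpoint(host: str, port: int, cafile=None, timeout: float = 5.0) -> dict:
    """Connect with the strict context (OpenSSL validates chain and host name and raises
    ssl.SSLCertVerificationError on failure) and report which SAN names the cert carries."""
    ctx = strict_client_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return {"san_dns": san_dns_names(cert), "hostname_match": hostname_matches(cert, host)}


if __name__ == "__main__":
    for label, cert in (("default-style", DEFAULT_STYLE_CERT), ("CA-signed", CA_SIGNED_CERT)):
        print(f"{label:14} db.example.com -> {hostname_matches(cert, 'db.example.com')}")
```

The point of the contrast is that a default-style certificate fails `hostname_matches` for every host, so a client that enforces validation cannot complete the handshake against it; replacing it with a CA-signed certificate whose SAN names the server is what makes strict validation both possible and safe to require. Running `check_endpoint` against a server that still presents a default certificate is a simple way to confirm the replacement has been deployed.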

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2024-7346

Affected Products

OpenEdge