PT-2024-39229 · Progress · Multi-Tenant Hypervisor+1
Huydoppa
·
Published
2024-10-11
·
Updated
2025-07-30
·
CVE-2024-8755
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
LoadMaster versions 7.2.55.0 through 7.2.60.1
LoadMaster versions 7.2.49.0 through 7.2.54.12
LoadMaster version 7.2.48.12 and all prior versions
Multi-Tenant Hypervisor version 7.1.35.12 and all prior versions
ECS versions prior to 7.2.60.1
Description:
The issue is related to an Improper Input Validation vulnerability that allows OS Command Injection. This vulnerability affects authenticated users in Progress LoadMaster.
Recommendations:
For LoadMaster versions 7.2.55.0 through 7.2.60.1, update to a version outside of this range to mitigate the risk.
For LoadMaster versions 7.2.49.0 through 7.2.54.12, update to a version outside of this range to mitigate the risk.
For LoadMaster version 7.2.48.12 and all prior versions, update to a version newer than 7.2.48.12 to mitigate the risk.
For Multi-Tenant Hypervisor version 7.1.35.12 and all prior versions, update to a version newer than 7.1.35.12 to mitigate the risk.
For ECS versions prior to 7.2.60.1, update to version 7.2.60.1 or newer to mitigate the risk.
Fix
OS Command Injection
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Loadmaster
Multi-Tenant Hypervisor