PT-2025-5723 · Progress · LoadMaster

Published: 2025-02-05 · Updated: 2025-07-31 · CVE-2024-56132

CVSS v3.1: 8.4 (High)

Vector: AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LoadMaster versions 7.2.48.12 and earlier
LoadMaster versions 7.2.49.0 through 7.2.54.12
LoadMaster versions 7.2.55.0 through 7.2.60.1
ECS versions prior to 7.2.60.1

Description

The issue is caused by improper validation of input supplied by authenticated users in Progress LoadMaster, which allows OS command injection. This can potentially lead to unauthorized system access and execution of malicious commands.

Recommendations

For LoadMaster versions 7.2.48.12 and earlier, consider restricting access to sensitive system areas until a patch is available.
For LoadMaster versions 7.2.49.0 through 7.2.54.12, restrict the use of vulnerable functions related to authenticated user input validation.
For LoadMaster versions 7.2.55.0 through 7.2.60.1, temporarily disable any features that rely on user input validation to minimize the risk of OS command injection.
For ECS versions prior to 7.2.60.1, apply similar restrictions as for LoadMaster to mitigate potential risks.

Fix

OS Command Injection

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-01595
CVE-2024-56132

Affected Products

LoadMaster