PT-2025-5726 · Progress · Loadmaster

Published: 2025-02-05 · Updated: 2025-07-31 · CVE-2024-56135

CVSS v3.1: 8.4 (High)

Vector: AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LoadMaster versions 7.2.48.12 and earlier
LoadMaster versions 7.2.49.0 through 7.2.54.12
LoadMaster versions 7.2.55.0 through 7.2.60.1
ECS versions prior to 7.2.60.1

Description

Progress LoadMaster does not properly validate input supplied by authenticated users, which allows OS command injection. An authenticated user can exploit this, potentially leading to system compromise. The estimated number of affected devices and real-world incidents are not specified.

Recommendations

For LoadMaster versions 7.2.48.12 and earlier, update to a version later than 7.2.60.1.
For LoadMaster versions 7.2.49.0 through 7.2.54.12, update to a version later than 7.2.60.1.
For LoadMaster versions 7.2.55.0 through 7.2.60.1, update to a version later than 7.2.60.1.
For ECS versions prior to 7.2.60.1, update to a version later than 7.2.60.1.

As a temporary workaround, consider restricting access to the system until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-01592
CVE-2024-56135

Affected Products

Loadmaster