Progress OpenEdge OEM/OEE URL Injection Remote Role Escalation 12.7
CVE-2023-34203 Published on June 23, 2023

In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.

NVD

Products Associated with CVE-2023-34203

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-34203 are published in these products:

Progress Openedge Explorer

Progress Openedge Management

Progress Openedge

Exploit Probability

EPSS

0.69%

Percentile

71.52%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Progress OpenEdge OEM/OEE URL Injection Remote Role Escalation 12.7CVE-2023-34203 Published on June 23, 2023

Products Associated with CVE-2023-34203

Exploit Probability

Progress OpenEdge OEM/OEE URL Injection Remote Role Escalation 12.7
CVE-2023-34203 Published on June 23, 2023