Progress PASOE File Upload via WEB Transport prior 12.2.13/11.7.18
CVE-2023-40051 Published on January 18, 2024
Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal
This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.
Vulnerability Analysis
CVE-2023-40051 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and a small impact on availability.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2023-40051 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2023-40051
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-40051 are published in these products:
Affected Versions
Progress Software Corporation OpenEdge:- Version 11.7.0 and below 11.7.18 is affected.
- Version 12.2.0 and below 12.2.13 is affected.
- Version Innovation Releases and below 12.8.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.