OpenEdge LTS ABL Client PASOE Bypass (Code Injection) <12.2.13
CVE-2024-7345 Published on September 3, 2024
Direct local client connections to MS Agents can bypass authentication
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
Vulnerability Analysis
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2024-7345 has been classified to as a Code Injection vulnerability or weakness.
Products Associated with CVE-2024-7345
Want to know whenever a new CVE is published for Progress Openedge? stack.watch will email you.
Affected Versions
Progress OpenEdge:- Version 11.7.0, <= 11.7.19 is affected.
- Version 12.2.0, <= 12.2.14 is affected.
- Version 12.8.0 is unaffected.
- Version 11.7.0, <= 11.7.19 is affected.
- Version 12.2.0, <= 12.2.14 is affected.
- Version 12.8.0 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.