CVE-2015-9245
CRITICAL
Progress OpenEdge 10.2x and 11.x - Unauthenticated Remote Code Execution via Java RMI Class Loader
Title source: llm
Description
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer
Scores
CVSS v3: 9.8
EPSS: 0.0006
EPSS Percentile: 19.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-284
Status: published
Products (10)
progress/openedge 10.2a
progress/openedge 10.2b
progress/openedge 10.2b07
progress/openedge 10.2b08
progress/openedge 11.0
progress/openedge 11.1
progress/openedge 11.2
progress/openedge 11.3
progress/openedge 11.4
progress/openedge 11.5
Published: Oct 31, 2017
Tracked Since: Feb 18, 2026