CVE-2015-9245

CRITICAL

Progress Openedge - Improper Access Control

Title source: rule

Description

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.

References (1)

[Issue Tracking, Vendor Advisory] https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer

Scores

CVSS v3 9.8

EPSS 0.0006

EPSS Percentile 19.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-284

Status draft

Affected Products (10)

progress/openedge

Timeline

Published Oct 31, 2017

Tracked Since Feb 18, 2026