CVE-2024-1403

CRITICAL

Progress OpenEdge < 11.7.19 - Authentication Bypass

Title source: rule

Description

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.

Exploits (1)

nomisec WORKING POC 16 stars
by horizon3ai · poc
https://github.com/horizon3ai/CVE-2024-1403

Scores

CVSS v3 10.0
EPSS 0.1624
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-305
Status published
Products (1)
progress/openedge < 11.7.19
Published Feb 27, 2024
Tracked Since Feb 18, 2026