CVE-2024-7345
HIGH
Progress OpenEdge < 11.7.18 - Unauthenticated Code Injection via Local ABL Client
Title source: llmDescription
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms.
References (1)
Core References
Mitigation, Vendor Advisory
https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication
Scores
CVSS v3
8.3
EPSS
0.0006
EPSS Percentile
17.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
progress/openedge
< 11.7.18
Published
Sep 03, 2024
Tracked Since
Feb 18, 2026