CVE-2024-1403

critical

Description

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The bypass stems from improper handling of the supplied username and password: certain unexpected content passed in the credentials can yield unauthorized access without proper authentication.
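The practical first step for this advisory is deciding which installed instances are below the three fixed releases it names. The checker below is an added example written for this page, not Progress tooling; the inventory of version strings it runs over is constructed for illustration, and the assumption that the advisory's fixed versions apply per release line (11.7.x, 12.2.x, 12.8.x), with any other line reported as unlisted rather than safe, is the author's reading of the description above.

```python
"""Compare OpenEdge Authentication Gateway / AdminServer versions against the
fixed releases listed for CVE-2024-1403 (11.7.19, 12.2.14, 12.8.1).

Added example, not Progress-supplied code. The sample inventory is constructed.
"""

import re

# Fixed releases named in the advisory description.
FIXED_VERSIONS = ("11.7.19", "12.2.14", "12.8.1")


def parse_version(s):
    """'12.2.13' -> (12, 2, 13). A missing third component counts as 0, so
    '12.8' is treated as 12.8.0; a trailing suffix (e.g. '12.8.0-RC1') is
    ignored. Raises ValueError on strings that do not start with a version."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", s)
    if not m:
        raise ValueError("not an OpenEdge version string: %r" % s)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def assess(version):
    """Return 'fixed', 'affected' or 'unlisted' for one version string.

    Assumption (ours, not the advisory's): each fixed release applies to its
    own major.minor line. Lines the advisory does not name (anything other
    than 11.7, 12.2 and 12.8) are reported as 'unlisted' so they get reviewed
    against vendor guidance instead of being silently treated as safe."""
    v = parse_version(version)
    for fixed in FIXED_VERSIONS:
        f = parse_version(fixed)
        if v[:2] == f[:2]:
            return "fixed" if v >= f else "affected"
    return "unlisted"


def triage(inventory):
    """Map each host name to its verdict; unparsable versions become 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory: host -> reported OpenEdge version.
    sample = {
        "oeag-prod-01": "12.2.13",
        "oeag-prod-02": "12.2.14",
        "adminserver-lab": "12.8.0",
        "adminserver-new": "12.8.1",
        "legacy-app": "11.7.18",
        "pilot": "12.7",
        "broken-record": "n/a",
    }
    for host, verdict in sorted(triage(sample).items()):
        print("%-18s %s" % (host, verdict))
```

Run it against an exported list of hosts and versions; anything reported as affected or unlisted goes on the upgrade list, and unknown entries need their version re-collected before they can be dismissed.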

References

https://securityaffairs.com/160347/hacking/progress-software-openedge-critical-flaw.html

https://www.progress.com/openedge

https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer

Details

Source: MITRE, NVD

Published: 2024-02-27

Updated: 2024-02-28

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical