CVE-2015-9245

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
progressopenedge
10.2a:a
progressopenedge
10.2b:b
progressopenedge
10.2b07:b07
progressopenedge
10.2b08:b08
progressopenedge
11.0
progressopenedge
11.1
progressopenedge
11.2
progressopenedge
11.3
progressopenedge
11.4
progressopenedge
11.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer
https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer