CVE-2023-34203
23.06.2023, 20:15
In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.
| Vendor | Product | Version |
|---|---|---|
| progress | openedge | 𝑥 < 11.7.16 |
| progress | openedge | 12.0 ≤ 𝑥 < 12.2.12 |
| progress | openedge | 12.3 ≤ 𝑥 < 12.7 |
| progress | openedge_explorer | 𝑥 < 12.7 |
| progress | openedge_management | 𝑥 < 12.7 |
𝑥
= Vulnerable software versions