CVE-2024-1403

EUVD-2024-17158
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The
vulnerability is a bypass to authentication based on a failure to properly
handle username and password.  Certain unexpected
content passed into the credentials can lead to unauthorized access without proper
authentication.   
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
progressopenedge
𝑥
< 11.7.19
progressopenedge
11.8 ≤
𝑥
< 12.2.14
progressopenedge
12.3 ≤
𝑥
< 12.8.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
progressopenedge
11.7.0 ≤
𝑥
< 11.7.19
ADP
progressopenedge
12.2.0 ≤
𝑥
< 12.2.14
ADP
progressopenedge
12.8.0 ≤
𝑥
< 12.8.1
ADP
Common Weakness Enumeration
References
https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer
https://www.progress.com/openedge
https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer
https://www.progress.com/openedge