CVE-2024-1403

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The
vulnerability is a bypass to authentication based on a failure to properly
handle username and password.  Certain unexpected
content passed into the credentials can lead to unauthorized access without proper
authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
ProgressSoftwareCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
progressopenedge
11.7.19 <
𝑥
< 11.7.19
progressopenedge
12.2.14 <
𝑥
< 12.2.14
progressopenedge
12.8.1 <
𝑥
< 12.8.1
progressopenedge
𝑥
< 11.7.19
progressopenedge
11.8 ≤
𝑥
< 12.2.14
progressopenedge
12.3 ≤
𝑥
< 12.8.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer
https://www.progress.com/openedge
https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer
https://www.progress.com/openedge