CVE-2024-2449

EUVD-2024-27398
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.
CSRF
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
EPSS Score
Percentile: 87%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| progress | loadmaster | 7.2.49.0 ≤ 𝑥 < 7.2.54.9 |
| progress | loadmaster | 7.2.55.0 ≤ 𝑥 < 7.2.59.3 |
| progress | loadmaster | 7.1.35.10 |
| progress | loadmaster | 7.2.48.10 |

𝑥 = Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| kemptechnologies | loadmaster | 7.2.55.0 ≤ 𝑥 < 7.2.59.3 | ADP |
| progress | loadmaster | 7.2.48.10 ≤ 𝑥 < 7.2.48.11 | ADP |
| progress | loadmaster | 7.2.49.0 ≤ 𝑥 < 7.2.54.9 | ADP |
| progress | loadmaster | 7.1.35.10 ≤ 𝑥 < 7.1.35.11 | ADP |