Approved changes feed: RSS · Atom
cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:*
part: a version: * update: *
| Vendor | Progress (f9d80521-f73f-5a85-8df9-9306f2f67809) |
|---|---|
| Product | Openedge (27ac92ac-c02b-5c9f-946c-6cad9a1904a2) |
| Edition | * |
| Language | * |
| Software edition | lts |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-7654 |
vulnerable | 2026-06-03 14:58:06.621477 |
Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service
HIGH (8.3)
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users. Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default.
Published: 2024-09-03T14:48:00.539Z
Updated: 2024-09-03T15:09:51.475Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7346 |
vulnerable | 2026-06-03 14:58:05.691663 |
Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation
HIGH (7.2)
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.
Published: 2024-09-03T14:51:03.551Z
Updated: 2024-09-03T15:06:04.578Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1403 |
vulnerable | 2026-06-03 14:54:26.856169 |
Authentication Bypass in OpenEdge Authentication Gateway and AdminServer
CRITICAL (10)
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The
vulnerability is a bypass to authentication based on a failure to properly
handle username and password. Certain unexpected
content passed into the credentials can lead to unauthorized access without proper
authentication.
Published: 2024-02-27T15:39:54.850Z
Updated: 2024-08-12T19:27:43.016Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34203 |
vulnerable | 2026-06-03 14:52:16.057004 |
Details available
In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.
Published: 2023-06-23T00:00:00.000Z
Updated: 2024-12-02T14:50:19.648Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.