CVE-2023-40051

CVSS V2 None CVSS V3 None

Description

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.

Overview

CVE ID
CVE-2023-40051

Assigner
ProgressSoftware

Vulnerability Status
PUBLISHED

Published Version
2024-01-18T15:11:04.080Z

Last Modified Date
2024-01-18T16:05:02.036Z

Weakness Enumerations

CWE	URL
CWE-434	http://cwe.mitre.org/data/definitions/434.html

References

Reference URL	Reference Tags
https://www.progress.com/openedge	product
https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport	vendor-advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-40051
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40051

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 01:46:58				Added to TrackCVE