CVE-2022-29849

Опубликовано: 02 мая 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.

Ссылки

https://community.progress.com/s/article/OpenEdge-11-7-14-is-Now-Available
Patch
Release Notes
Vendor Advisory
https://community.progress.com/s/article/OpenEdge-12-2-9-Update-is-available
Patch
Vendor Advisory
https://community.progress.com/s/article/Remediation-of-Privilege-Escalation-Security-Vulnerability-CVE-2022-29849
Mitigation
Vendor Advisory
https://www.progress.com/openedge
Product
https://community.progress.com/s/article/OpenEdge-11-7-14-is-Now-Available
Patch
Release Notes
Vendor Advisory
https://community.progress.com/s/article/OpenEdge-12-2-9-Update-is-available
Patch
Vendor Advisory
https://community.progress.com/s/article/Remediation-of-Privilege-Escalation-Security-Vulnerability-CVE-2022-29849
Mitigation
Vendor Advisory
https://www.progress.com/openedge
Product

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*

Версия от 11.7 (включая) до 11.7.14 (исключая)

cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.2.9 (исключая)

EPSS

Процентиль: 1%

0.00011

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-j2jr-mqph-crf9