Description
In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.
References
- Product
- Product
Vulnerable configurations
Configuration 1
One of:
- cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:* (versions before 11.7.16, exclusive)
- cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:* (versions from 12.0, inclusive, to 12.2.12, exclusive)
- cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:* (versions from 12.3, inclusive, to 12.7, exclusive)
- cpe:2.3:a:progress:openedge_explorer:*:*:*:*:*:*:*:* (versions before 12.7, exclusive)
- cpe:2.3:a:progress:openedge_management:*:*:*:*:*:*:*:* (versions before 12.7, exclusive)
EPSS
Percentile: 71%
0.00693
Low
8.8 High
CVSS3
Weaknesses
CWE-74
Related vulnerabilities
CVSS3: 8.8
github
more than 2 years ago
In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.