Directory Traversal Vulnerability in Progress Software OpenEdge 11.2
CVE-2014-8555

Currently unrated

Key Information:

Vendor: Progress
Status: Openedge
Vendor: CVE Published:; 12 November 2014

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2014-8555?

The directory traversal vulnerability in Progress Software OpenEdge 11.2 allows remote attackers to exploit the 'selection' parameter in report/reportViewAction.jsp. By inserting a '..' (dot dot) in the selection parameter, attackers can gain unauthorized access to sensitive files on the server, which may lead to data exposure and compromise of system integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2014-8555 - Proof of Concept

References

http://www.exploit-db.com/exploits/35127

exploitx_refsource_EXPLOIT-DB

https://www.xlabs.com.br/blog/?p=256

x_refsource_MISC

http://www.exploit-db.com/exploits/35207

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 12, 2014
👾
Exploit known to exist
Nov 12, 2014
Vulnerability published
Nov 12, 2014
Vulnerability Reserved
Oct 30, 2014

CVE-2014-8555 Data

JSON