URL Injection Vulnerability in Progress OpenEdge Management and OpenEdge Explorer
CVE-2023-34203

8.8HIGH

Key Information:

Vendor: Progress
Status: Openedge Explorer; Openedge Management; Openedge
Vendor: CVE Published:; 23 June 2023

What is CVE-2023-34203?

A URL injection vulnerability exists in Progress OpenEdge Management and OpenEdge Explorer, allowing remote users with any role to alter identity or role membership. This could enable attackers to escalate their privileges, compromising system integrity. The issue affects various versions of OpenEdge, highlighting the need for immediate updates and patching to secure the environment.

References

https://www.progress.com/openedge

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
May 30, 2023