Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal
CVE-2023-40051
9.1CRITICAL
What is CVE-2023-40051?
The identified vulnerability within Progress Application Server for OpenEdge enables attackers to send specially crafted requests via the WEB transport protocol. This can lead to unintended file uploads to directories on the server system. If the uploaded file contains a malicious payload, this can potentially allow attackers to exploit the server further, leading to severe impacts on the server's integrity and security, possibly paving the way for large-scale attacks on the server or its connected network.
Affected Version(s)
OpenEdge 11.7.0
OpenEdge 11.7.0 < 11.7.18
OpenEdge 12.2.0 < 12.2.13