Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal
CVE-2023-40051

9.1CRITICAL

Key Information:

Vendor: Progress Software
Status: Openedge
Vendor: CVE Published:; 18 January 2024

🔔 Create Progress Software Vulnerability Alert

What is CVE-2023-40051?

The identified vulnerability within Progress Application Server for OpenEdge enables attackers to send specially crafted requests via the WEB transport protocol. This can lead to unintended file uploads to directories on the server system. If the uploaded file contains a malicious payload, this can potentially allow attackers to exploit the server further, leading to severe impacts on the server's integrity and security, possibly paving the way for large-scale attacks on the server or its connected network.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OpenEdge 11.7.0

OpenEdge 11.7.0 < 11.7.18

OpenEdge 12.2.0 < 12.2.13

References

https://www.progress.com/openedge

product

https://community.progress.com/s/article/Important-Progre...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 18, 2024
Vulnerability Reserved
Aug 8, 2023

JSON

Progress Software