Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal
CVE-2023-40051

9.1CRITICAL

Key Information:

Vendor: Progress Software
Status: Openedge
Vendor: CVE Published:; 18 January 2024

🔔 Create Progress Software Vulnerability Alert

What is CVE-2023-40051?

The identified vulnerability within Progress Application Server for OpenEdge enables attackers to send specially crafted requests via the WEB transport protocol. This can lead to unintended file uploads to directories on the server system. If the uploaded file contains a malicious payload, this can potentially allow attackers to exploit the server further, leading to severe impacts on the server's integrity and security, possibly paving the way for large-scale attacks on the server or its connected network.

Affected Version(s)

OpenEdge 11.7.0

OpenEdge 11.7.0 < 11.7.18

OpenEdge 12.2.0 < 12.2.13

References

https://www.progress.com/openedge

product

https://community.progress.com/s/article/Important-Progre...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2024
Vulnerability Reserved
Aug 8, 2023