Input Validation Flaw in Progress LoadMaster Exposes Systems to Command Injection
CVE-2024-56131

8.4 HIGH

Key Information:

Vendor: Progress
Status
Loadmaster
Vendor
CVE Published: 5 February 2025

Summary

An improper input validation issue in Progress LoadMaster allows authenticated users to perform OS command injection. The vulnerability affects several versions of LoadMaster, Multi-Tenant Hypervisor, and ECS, putting sensitive data and system integrity at risk. Malicious actors could exploit this flaw to gain unauthorized access, potentially leading to data breaches or system manipulation. Users are urged to update to the latest secure versions to mitigate the risks associated with this vulnerability.

Affected Version(s)

LoadMaster: all previous versions < 7.2.61.0

News Articles

Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions

Progress Software fixes high-severity LoadMaster flaws (CVSS 8.4) enabling command execution and file access. Affected users must update immediately.

6 days ago

Critical Flaw in Progress LoadMaster Allows Attackers to Execute System Commands

A series of critical security vulnerabilities have been identified in Progress Software's LoadMaster application, potentially allowing remote attackers to execute system commands or access sensitive files.

6 days ago

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved
