Improper Input Validation in Progress LoadMaster Leading to OS Command Injection
CVE-2024-56132

8.4HIGH

Key Information:

Vendor: Progress
Status: Loadmaster
Vendor: CVE Published:; 5 February 2025

Badges

📰 News Worthy

What is CVE-2024-56132?

The vulnerability in Progress LoadMaster arises from insufficient input validation for authenticated users, which may enable an attacker to perform OS command injection. This flaw can expose systems to unauthorized command execution, posing serious security risks. Affected versions include LoadMaster ranging from 7.2.55.0 to 7.2.60.1, as well as earlier versions including 7.2.49.0 to 7.2.54.12 and 7.2.48.12. Corrective measures should be taken promptly to mitigate potential exploits.

Affected Version(s)

LoadMaster All Previous Versions < 7.2.61.0

News Articles

The Hacker News

CVE-2024-56131 CVE-2024-56132

Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions

Progress Software fixes high-severity LoadMaster flaws (CVSS 8.4) enabling command execution and file access. Affected users must update immediately.

GBHackers News

CVE-2024-56131 CVE-2024-56132

Critical Flaw in Progress LoadMaster Allows Attackers to Execute System Commands

A series of critical security vulnerabilities have been identified in Progress Software's LoadMaster application, potentially allowing remote attackers to execute system commands or access sensitive files.

References

https://community.progress.com/s/article/LoadMaster-Secur...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by GBHackers News
Feb 11, 2025
Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Dec 16, 2024