Improper Input Validation in Progress LoadMaster Leading to OS Command Injection
CVE-2024-56132

8.4 HIGH

Key Information:

Vendor
Progress
Status
Loadmaster
Vendor
CVE Published: 5 February 2025

Summary

The vulnerability in Progress LoadMaster arises from insufficient validation of input from authenticated users, which may enable an attacker to perform OS command injection. This flaw can expose systems to unauthorized command execution, posing serious security risks. Affected versions include LoadMaster 7.2.55.0 to 7.2.60.1, as well as earlier versions including 7.2.49.0 to 7.2.54.12 and 7.2.48.12. Corrective measures should be taken promptly to mitigate potential exploits.

Affected Version(s)

LoadMaster All Previous Versions < 7.2.61.0

News Articles

Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions

Progress Software fixes high-severity LoadMaster flaws (CVSS 8.4) enabling command execution and file access. Affected users must update immediately.

Critical Flaw in Progress LoadMaster Allows Attackers to Execute System Commands

A series of critical security vulnerabilities has been identified in Progress Software's LoadMaster application, potentially allowing remote attackers to execute system commands or access sensitive files.

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved