CVE-2024-8048 – Telerik Reporting Insecure Expression Evaluation
https://notcve.org/view.php?id=CVE-2024-8048
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. • https://docs.telerik.com/reporting/knowledge-base/insecure-expression-evaluation-cve-2024-8048 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CVE-2024-8014 – Telerik Reporting EntityDataSource Insecure Type Resolution
https://notcve.org/view.php?id=CVE-2024-8014
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. • https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
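Both Telerik Reporting entries above (CVE-2024-8048 and CVE-2024-8014) are the same weakness class, CWE-470: a component resolves and instantiates a type whose name comes from externally controlled input. The Python below is an added illustration of that class, not Telerik's code, and does not reproduce the product's expression evaluator or EntityDataSource internals; the function names, the `ALLOWED_TYPES` table and the sample type names are assumptions made for the example. It places a resolver that honours any fully qualified name next to one that only resolves names from a closed allowlist.

```python
"""CWE-470 illustration: open type resolution next to an allowlisted resolver.
Added example, not Telerik Reporting code; names and inputs are hypothetical."""
import datetime
import decimal
import importlib
from typing import Any

# Constructed inputs of the kind a report expression or data-source definition
# might carry. "os.system" is the attacker-chosen one.
SAMPLE_TYPE_NAMES = ["datetime.date", "decimal.Decimal", "os.system"]


def resolve_type_unsafe(type_name: str) -> Any:
    """Resolve whatever fully qualified name the caller supplies (CWE-470).

    Any importable module and attribute is reachable, so a name such as
    'os.system' resolves to a callable that the evaluator will then invoke
    with attacker-controlled arguments.
    """
    module_name, _, attr = type_name.rpartition(".")
    if not module_name or not attr:
        raise ValueError(f"expected module.attribute, got {type_name!r}")
    return getattr(importlib.import_module(module_name), attr)


def instantiate_unsafe(type_name: str, *args: Any) -> Any:
    return resolve_type_unsafe(type_name)(*args)


# Hardened form: a closed allowlist keyed by the exact name the expression
# language may use. Nothing outside the table can be named, let alone called.
ALLOWED_TYPES: dict[str, type] = {
    "datetime.date": datetime.date,
    "decimal.Decimal": decimal.Decimal,
}


def is_permitted(type_name: str) -> bool:
    """True only for names the evaluator is allowed to resolve."""
    return type_name in ALLOWED_TYPES


def resolve_type_safe(type_name: str) -> type:
    if not is_permitted(type_name):
        raise ValueError(f"type not permitted in expressions: {type_name!r}")
    return ALLOWED_TYPES[type_name]


def instantiate_safe(type_name: str, *args: Any) -> Any:
    return resolve_type_safe(type_name)(*args)


if __name__ == "__main__":
    for name in SAMPLE_TYPE_NAMES:
        resolved = resolve_type_unsafe(name)
        verdict = "allowed" if is_permitted(name) else "rejected"
        print(f"unsafe resolver: {name:16} -> {resolved!r}")
        print(f"safe resolver:   {name:16} -> {verdict}")
```

The allowlist is the whole fix: a denylist of "dangerous" types, or a check that the resolved object is a class, still leaves every other gadget in the loaded assemblies reachable. Keep the table small, keyed by exact names, and treat any addition to it as a security review.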
CVE-2024-7591 – Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
https://notcve.org/view.php?id=CVE-2024-7591
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and above
• https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591 • CWE-20: Improper Input Validation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
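The pairing of CWE-20 with CWE-78 in this entry is the usual shape of appliance command injection: a management interface takes an operator-supplied value, fails to validate it, and splices it into a command string that a shell parses. The Python below is an added illustration of that pattern and its fix, not LoadMaster's code; nothing here is derived from the vendor advisory beyond the weakness class. `echo` stands in for whatever diagnostic binary a real appliance would invoke, so the example runs offline, and the host values are constructed.

```python
"""CWE-78 illustration: shell-string command next to validated argv exec.
Added example, not LoadMaster code; inputs and names are hypothetical."""
import re
import subprocess

# Constructed operator input for a "probe this host" style diagnostic.
# The second value carries a shell metacharacter payload.
GOOD_HOST = "127.0.0.1"
INJECTED_HOST = "127.0.0.1; echo INJECTED"

# 'echo' stands in for the real diagnostic tool so the demo runs anywhere.
DIAG_TOOL = "echo"


def run_diag_unsafe(host: str) -> str:
    """Build the command as text and hand it to a shell (CWE-78).

    The shell treats ';' as a command separator, so everything after it in
    `host` runs as a second command with the service's privileges.
    """
    cmd = f"{DIAG_TOOL} probing {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Strict syntax for a hostname or IPv4/IPv6 literal (CWE-20 fix): no whitespace,
# no shell metacharacters, and no leading '-' so the value cannot be parsed by
# the tool as an option (argument injection survives the removal of the shell).
_HOST_RE = re.compile(r"^(?!-)[A-Za-z0-9.:\[\]-]{1,253}$")


def is_valid_host(host: str) -> bool:
    return _HOST_RE.fullmatch(host) is not None


def validate_host(host: str) -> str:
    if not is_valid_host(host):
        raise ValueError(f"rejected host value: {host!r}")
    return host


def run_diag_safe(host: str) -> str:
    """Validate first, then exec with an argv list so no shell ever parses it."""
    argv = [DIAG_TOOL, "probing", validate_host(host)]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    print("unsafe:", run_diag_unsafe(INJECTED_HOST).rstrip())
    print("safe:  ", run_diag_safe(GOOD_HOST).rstrip())
    try:
        run_diag_safe(INJECTED_HOST)
    except ValueError as exc:
        print("safe:  ", exc)
```

Both halves matter. The argv list removes the shell, which closes CWE-78, but without the validation step the value can still be interpreted by the target program as a flag or a file path; where a shell genuinely cannot be avoided, `shlex.quote` each argument and keep the validation in front of it.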
CVE-2024-7346 – Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation
https://notcve.org/view.php?id=CVE-2024-7346
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation. • https://community.progress.com/s/article/Client-connections-using-default-TLS-certificates-from-OpenEdge-may-bypass-TLS-host-name-validation • CWE-297: Improper Validation of Certificate with Host Mismatch
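What CWE-297 means in practice is that the client checked the certificate chain but not whether the certificate was issued for the server it was talking to. The Python below is an added illustration of that check and of the client configuration that enforces it; it is not OpenEdge's client code and says nothing about how the OpenEdge default certificates are identified. The two certificate descriptions are constructed in the shape that `ssl.SSLSocket.getpeercert()` returns: `DEFAULT_CERT` mimics a vendor-shipped placeholder issued for `localhost`, and `PROPER_CERT` is what a CA-signed replacement for a server named `db.example.com` would carry. Function names are assumptions made for the example.

```python
"""CWE-297 illustration: RFC 6125 style host name matching plus a client
context that enforces it. Added example, not OpenEdge code; certs are constructed."""
import ipaddress
import ssl
from typing import Any, Optional

# Constructed: a placeholder certificate never issued for the real server name.
DEFAULT_CERT: dict[str, Any] = {
    "subject": ((("commonName", "localhost"),),),
    "subjectAltName": (("DNS", "localhost"),),
}
# Constructed: a CA-signed certificate carrying the server's actual names.
PROPER_CERT: dict[str, Any] = {
    "subject": ((("commonName", "db.example.com"),),),
    "subjectAltName": (
        ("DNS", "db.example.com"),
        ("DNS", "*.example.com"),
        ("IP Address", "10.0.0.5"),
    ),
}


def _dns_pattern_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive match; a wildcard only as the whole leftmost label."""
    pattern = pattern.lower()
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                 # ".example.com"
        if not hostname.endswith(suffix):
            return False
        leftmost = hostname[: -len(suffix)]
        return bool(leftmost) and "." not in leftmost   # exactly one label
    return pattern == hostname


def hostname_matches(cert: dict[str, Any], hostname: str) -> bool:
    """True only if the certificate was issued for `hostname` (name or IP literal)."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    sans = cert.get("subjectAltName", ())
    if ip is not None:
        return any(kind == "IP Address" and ipaddress.ip_address(val) == ip
                   for kind, val in sans)
    dns_names = [val for kind, val in sans if kind == "DNS"]
    if dns_names:
        return any(_dns_pattern_matches(p, hostname) for p in dns_names)
    # Legacy fallback: the CN is consulted only when the cert carries no SAN.
    cns = [val for rdn in cert.get("subject", ()) for key, val in rdn
           if key == "commonName"]
    return any(_dns_pattern_matches(p, hostname) for p in cns)


def make_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context that verifies both the chain and the host name."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def make_weak_context() -> ssl.SSLContext:
    """The setting that makes any certificate, placeholder ones included, acceptable."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False           # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_enforces_hostname(ctx: ssl.SSLContext) -> bool:
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    for name in ("db.example.com", "api.example.com", "a.b.example.com",
                 "10.0.0.5", "localhost"):
        print(f"{name:18} default cert: {hostname_matches(DEFAULT_CERT, name)!s:5} "
              f"proper cert: {hostname_matches(PROPER_CERT, name)}")
```

The point the advisory makes is the last two lines of the table this prints: a placeholder certificate for `localhost` matches nothing a client actually connects to, so once host name validation is enforced it has to be replaced with a certificate whose SAN names the server. Auditing a client for this bug is a matter of confirming that `check_hostname` (or its equivalent in the stack in use) is on and that no code path turns it off for "default" certificates.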
CVE-2024-7345 – Direct local client connections to MS Agents can bypass authentication
https://notcve.org/view.php?id=CVE-2024-7345
A local ABL client can bypass the required PASOE security checks, which may allow an attacker to inject unauthorized code into Multi-Session Agents. This affects supported OpenEdge LTS releases up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported platforms. • https://community.progress.com/s/article/Direct-local-client-connections-to-MS-Agents-can-bypass-authentication • CWE-94: Improper Control of Generation of Code ('Code Injection')