CVSS: 9.0EPSS: 13%CPEs: 5EXPL: 0CVE-2023-34203
https://notcve.org/view.php?id=CVE-2023-34203
23 Jun 2023 — In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7. • https://www.progress.com/openedge • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2007-2417
https://notcve.org/view.php?id=CVE-2007-2417
15 Jul 2007 — Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491. Desbordamiento de búfer basado en montículo en _mprosrv.exe de Progress Software Progress 9.1E y OpenEdge 10.1.x, como se usan en RSA Authentication Manager 6.0 y 6.1, SecurI... • http://dvlabs.tippingpoint.com/advisory/TPTI-07-12 •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2007-3491
https://notcve.org/view.php?id=CVE-2007-3491
29 Jun 2007 — Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message. Desbordamiento de búfer en _mprosrv de Progress Software OpenEdge anterior a 9.1E0422, y 10.x anterior a 10.1B01, permite a atacantes remotos tener impacto desconocido mediante mensajes TCP/IP mal formados. • http://osvdb.org/37747 •