CVE-2023-34203
https://notcve.org/view.php?id=CVE-2023-34203
In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7. • https://www.progress.com/openedge • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2015-9245
https://notcve.org/view.php?id=CVE-2015-9245
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. • https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer • CWE-284: Improper Access Control
CVE-2014-8555 – Progress OpenEdge 11.2 - Directory Traversal
https://notcve.org/view.php?id=CVE-2014-8555
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. Progress OpenEdge version 11.2 suffers from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/35127 http://packetstormsecurity.com/files/129052/Progress-OpenEdge-11.2-Directory-Traversal.html http://www.exploit-db.com/exploits/35207 https://www.xlabs.com.br/blog/?p=256 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')