1 results (0.001 seconds)

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7. • https://www.progress.com/openedge • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •