CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8755 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-8755
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://support.kemptechnologies.com/hc/en-us/articles/30297374715661-LoadMaster-Security-Vulnerability-CVE-2024-8755 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7591 – Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
https://notcve.org/view.php?id=CVE-2024-7591
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above • https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3544 – LoadMaster Hardcoded SSH Key
https://notcve.org/view.php?id=CVE-2024-3544
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed. Los atacantes no autenticados pueden realizar acciones utilizando claves privadas SSH conociendo la dirección IP y teniendo acceso a la misma red de una de las máquinas del grupo HA o Cluster. Esta vulnerabilidad se ha solucionado mejorando las comunicaciones con los socios de LoadMaster para requerir un secreto compartido que debe intercambiarse entre los socios antes de que pueda continuar la comunicación. • https://kemptechnologies.com https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3543 – LoadMaster Reversible Password Encryption Algorithm
https://notcve.org/view.php?id=CVE-2024-3543
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system. El uso de un algoritmo de cifrado de contraseña reversible permite a los atacantes descifrar contraseñas. El atacante puede descifrar fácilmente la información confidencial y las credenciales robadas pueden usarse para acciones arbitrarias que corrompan el sistema. • https://kemptechnologies.com https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543 • CWE-257: Storing Passwords in a Recoverable Format •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2449 – LoadMaster Cross-Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-2449
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator. Se ha identificado una vulnerabilidad de Cross-Site Request Forgery en LoadMaster. Es posible que un actor malintencionado, que tenga conocimiento previo de la IP o el nombre de host de un LoadMaster específico, dirija a un administrador de LoadMaster autenticado a un sitio de terceros. • https://progress.com/loadmaster https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449 • CWE-352: Cross-Site Request Forgery (CSRF) •