CVE-2023-40052

Progress Application Server (PAS) for OpenEdge Denial of Service

CVSS 7.5 HIGHEPSS 0.6%CWE-119

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.5EPSS 0.6%KEV nãoPoC —Patch referenciado

Ciclo de vida

18 ene 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0 . An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server’s remaining ability to process valid requests.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Productos afectados

Progress Software Corporation · OpenEdge

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport https://www.progress.com/openedge