- Description
- In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.
- Source
- security@progress.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@progress.com
- CWE-305
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE51C6DF-9ADA-4C9C-9820-94DD94ADA656",
"versionEndExcluding": "11.7.19"
},
{
"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BD175A1-83AF-410B-9CEE-C9B65F32F3B4",
"versionEndExcluding": "12.2.14",
"versionStartIncluding": "11.8"
},
{
"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2D98FDE-6A77-4604-904C-43ABCE323D48",
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.3"
}
],
"operator": "OR"
}
]
}
]