CVE-2023-40051 - OpenCVE

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Progress	Openedge Openedge Innovation

Configuration 1 [-]

OR	cpe:2.3:a:progress:openedge::::::::
	cpe:2.3:a:progress:openedge::::::::

Configuration 2 [-]

cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:*

References

Link	Resource
https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport	Vendor Advisory
https://www.progress.com/openedge	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ProgressSoftware

Published: 2024-01-18T15:11:04.080Z

Updated: 2024-01-18T16:05:02.036Z

Reserved: 2023-08-08T19:44:41.113Z

Link: CVE-2023-40051

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-18T15:15:09.060

Modified: 2024-01-26T15:25:18.917

Link: CVE-2023-40051

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-40051", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2023-08-08T19:44:41.113Z", "datePublished": "2024-01-18T15:11:04.080Z", "dateUpdated": "2024-01-18T16:05:02.036Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["Progress Application Server (PAS) for OpenEdge"], "product": "OpenEdge", "vendor": "Progress Software Corporation", "versions": [{"lessThan": "11.7.18", "status": "affected", "version": "11.7.0", "versionType": "semver"}, {"lessThan": "12.2.13", "status": "affected", "version": "12.2.0", "versionType": "semver"}, {"lessThan": "12.8.0", "status": "affected", "version": "Innovation Releases", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.\n\n</p>"}], "value": "This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0.\u00a0An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-17", "descriptions": [{"lang": "en", "value": "CAPEC-17 Using Malicious Files"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-01-18T16:05:02.036Z"}, "references": [{"tags": ["product"], "url": "https://www.progress.com/openedge"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport"}], "source": {"discovery": "UNKNOWN"}, "title": "Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*", "matchCriteriaId": "7298E8E1-4C6A-4AE7-954E-480F86D8B8E1", "versionEndExcluding": "11.7.18", "versionStartIncluding": "11.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*", "matchCriteriaId": "2057ECB7-5DD8-485F-9D43-560A152C883C", "versionEndExcluding": "12.2.13", "versionStartIncluding": "12.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:openedge_innovation:*:*:*:*:*:*:*:*", "matchCriteriaId": "59216BF0-5044-4252-AB97-B63FFAA84F24", "versionEndExcluding": "12.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0.\u00a0An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.\n\n\n\n"}, {"lang": "es", "value": "Este problema afecta a Progress Application Server (PAS) para OpenEdge en las versiones 11.7 anteriores a 11.7.18, 12.2 anteriores a 12.2.13 y versiones de innovaci\u00f3n anteriores a 12.8.0. Un atacante puede formular una solicitud para un transporte WEB que permita cargas de archivos no deseadas a una ruta de directorio del servidor en el sistema que ejecuta PASOE. Si la carga contiene un payload que puede explotar a\u00fan m\u00e1s el servidor o su red, es posible que se lance un ataque a mayor escala."}], "id": "CVE-2023-40051", "lastModified": "2024-01-26T15:25:18.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "security@progress.com", "type": "Secondary"}]}, "published": "2024-01-18T15:15:09.060", "references": [{"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport"}, {"source": "security@progress.com", "tags": ["Product"], "url": "https://www.progress.com/openedge"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@progress.com", "type": "Secondary"}]}