This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ProgressSoftware
Published: 2024-01-18T15:11:04.080Z
Updated: 2024-01-18T16:05:02.036Z
Reserved: 2023-08-08T19:44:41.113Z
Link: CVE-2023-40051
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-18T15:15:09.060
Modified: 2024-01-26T15:25:18.917
Link: CVE-2023-40051
JSON object: View
Redhat Information
No data.
CWE