{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1403", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2024-02-09T15:46:27.472Z", "datePublished": "2024-02-27T15:39:54.850Z", "dateUpdated": "2024-08-12T19:27:43.016Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["OpenEdge Authentication Gateway", "AdminServer"], "platforms": ["Windows", "Linux", "x86", "64 bit", "32 bit"], "product": "OpenEdge", "vendor": "Progress", "versions": [{"lessThan": "11.7.19", "status": "affected", "version": "11.7.0", "versionType": "semver"}, {"lessThan": "12.2.14", "status": "affected", "version": "12.2.0", "versionType": "semver"}, {"lessThan": "12.8.1", "status": "affected", "version": "12.8.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.&nbsp; The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password. Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication. &nbsp; \n\n\n\n\n\n<br>"}], "value": "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.\u00a0 The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password. Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication. \u00a0 \n\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-02-27T15:39:54.850Z"}, "references": [{"tags": ["product"], "url": "https://www.progress.com/openedge"}, {"tags": ["vendor-advisory"], "url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer"}], "source": {"discovery": "UNKNOWN"}, "title": "Authentication Bypass in OpenEdge Authentication Gateway and AdminServer", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.248Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://www.progress.com/openedge"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer"}]}, {"affected": [{"vendor": "progress", "product": "openedge", "cpes": ["cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "11.7.0", "status": "affected", "lessThan": "11.7.19", "versionType": "semver"}, {"version": "12.2.0", "status": "affected", "lessThan": "12.2.14", "versionType": "semver"}, {"version": "12.8.0", "status": "affected", "lessThan": "12.8.1", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-16T04:00:49.775339Z", "id": "CVE-2024-1403", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T19:27:43.016Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.progress.com/openedge", "tags": ["product", "x_transferred"]}, {"url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:40:21.248Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1403", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-16T04:00:49.775339Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*"], "vendor": "progress", "product": "openedge", "versions": [{"status": "affected", "version": "11.7.0", "lessThan": "11.7.19", "versionType": "semver"}, {"status": "affected", "version": "12.2.0", "lessThan": "12.2.14", "versionType": "semver"}, {"status": "affected", "version": "12.8.0", "lessThan": "12.8.1", "versionType": "semver"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T19:27:37.068Z"}}], "cna": {"title": "Authentication Bypass in OpenEdge Authentication Gateway and AdminServer", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Progress", "modules": ["OpenEdge Authentication Gateway", "AdminServer"], "product": "OpenEdge", "versions": [{"status": "affected", "version": "11.7.0", "lessThan": "11.7.19", "versionType": "semver"}, {"status": "affected", "version": "12.2.0", "lessThan": "12.2.14", "versionType": "semver"}, {"status": "affected", "version": "12.8.0", "lessThan": "12.8.1", "versionType": "semver"}], "platforms": ["Windows", "Linux", "x86", "64 bit", "32 bit"], "defaultStatus": "affected"}], "references": [{"url": "https://www.progress.com/openedge", "tags": ["product"]}, {"url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.\u00a0 The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password. Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication. \u00a0 \n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.&nbsp; The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password. Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication. &nbsp; \n\n\n\n\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-305", "description": "CWE-305: Authentication Bypass by Primary Weakness"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2024-02-27T15:39:54.850Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1403", "state": "PUBLISHED", "dateUpdated": "2024-08-12T19:27:43.016Z", "dateReserved": "2024-02-09T15:46:27.472Z", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "datePublished": "2024-02-27T15:39:54.850Z", "assignerShortName": "ProgressSoftware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:*", "matchCriteriaId": "EE51C6DF-9ADA-4C9C-9820-94DD94ADA656", "versionEndExcluding": "11.7.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:*", "matchCriteriaId": "6BD175A1-83AF-410B-9CEE-C9B65F32F3B4", "versionEndExcluding": "12.2.14", "versionStartIncluding": "11.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:*", "matchCriteriaId": "D2D98FDE-6A77-4604-904C-43ABCE323D48", "versionEndExcluding": "12.8.1", "versionStartIncluding": "12.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.\u00a0 The\nvulnerability is a bypass to authentication based on a failure to properly\nhandle username and password. Certain unexpected\ncontent passed into the credentials can lead to unauthorized access without proper\nauthentication. \u00a0 \n\n\n\n\n\n\n"}, {"lang": "es", "value": "En OpenEdge Authentication Gateway y AdminServer anteriores a 11.7.19, 12.2.14, 12.8.1 en todas las plataformas compatibles con el producto OpenEdge, se identific\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. La vulnerabilidad es una omisi\u00f3n de la autenticaci\u00f3n basada en una falla al manejar adecuadamente el nombre de usuario y la contrase\u00f1a. Cierto contenido inesperado que se pasa a las credenciales puede provocar un acceso no autorizado sin la autenticaci\u00f3n adecuada."}], "id": "CVE-2024-1403", "lastModified": "2025-02-11T17:40:59.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security@progress.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-27T16:15:45.643", "references": [{"source": "security@progress.com", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer"}, {"source": "security@progress.com", "tags": ["Product"], "url": "https://www.progress.com/openedge"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.progress.com/openedge"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-305"}], "source": "security@progress.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}