Unintended File Upload Vulnerability in Progress Application Server (PAS) for OpenEdge

Unintended File Upload Vulnerability in Progress Application Server (PAS) for OpenEdge

CVE-2023-40051 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.

Learn more about our Web App Pen Testing.