In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) prior to 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS prior to 11.7.16, 12.x prior to 12.2.12, and 12.3.x up to and including 12.6.x prior to 12.7.
Vulnerable Product |
---|
progress openedge explorer |
progress openedge management |
progress openedge |