Progress Releases Critical Security Update for OpenEdge Authentication Gateway and AdminServer
The critical vulnerability could allow an attacker to bypass authentication controls
Affected platforms
The following platforms are known to be affected:
Threat details
Information on vulnerable components
The vulnerability affects OpenEdge Authentication Gateway logins using an OS local authentication provider and all OpenEdge AdminServer logins.
Introduction
Progress has released a security update and a mitigation for an authentication bypass vulnerability in the OpenEdge Authentication Gateway and OpenEdge AdminServer components of the OpenEdge development platform. The critical vulnerability, CVE-2024-1403, has a CVSSv3 score of 10.0 and, if exploited, could allow an attacker to gain unauthorised access to the OpenEdge platform.
Proof-of-concept code available for CVE-2024-1403
Proof-of-concept code for vulnerability CVE-2024-1403 has been made publicly available, which increases the likelihood of exploitation.
Threat updates
| Date | Update |
|---|---|
| 11 Mar 2024 | Proof-of-concept code for CVE-2024-1403 has been made publicly available. The cyber alert has been updated to reflect this change. |
Remediation advice
Affected organisations are encouraged to review the Progress Community advisory "Important Security Update for OpenEdge Authentication Gateway and AdminServer" and apply the relevant security update.
Progress has also published details of a temporary mitigation that can be implemented until remediation actions have been completed.
Definitive source of threat updates
Last edited: 11 March 2024 2:12 pm