Every CVE whose affected-product data names Progress Openedge, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2024-1403 — CVSS 10.0 (critical): In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an…
CVE-2007-2417 — CVSS 10.0 (critical): Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager…
CVE-2015-9245 — CVSS 9.8 (critical): Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary…
CVE-2023-40051 — CVSS 9.1 (critical): This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation…
CVE-2023-34203 — CVSS 8.8 (high): In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could…
CVE-2024-7345 — CVSS 8.3 (high): Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into…
CVE-2024-7654 — CVSS 8.3 (high): An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was…
CVE-2022-29849 — CVSS 7.8 (high): In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to…
CVE-2007-3491 — CVSS 7.5 (high): Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an…
CVE-2023-40052 — CVSS 7.5 (high): This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation…
CVE-2024-7346 — CVSS 7.2 (high): Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS…
CVE-2014-8555 — CVSS 5.0 (medium): Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read…