Vulnerability Details : CVE-2023-34203
In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.
Products affected by CVE-2023-34203
- cpe:2.3:a:progress:openedge:*:*:*:*:lts:*:*:*
- cpe:2.3:a:progress:openedge_explorer:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:openedge_management:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-34203
- EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~50% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2023-34203
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2023-34203
- The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-34203
- https://www.progress.com/openedge (OpenEdge Application Development | Progress OpenEdge; reference type: Product)