CVE-2023-40052 HIGH

CVE-2023-40052: Progress Application Server (PAS) for OpenEdge Denial of Service

Vendor: Progress Software Corporation
Product: OpenEdge
Weakness: CWE-119
Published: January 18, 2024
Last update: August 29, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker who can produce a malformed web request may crash a PASOE agent, potentially disrupting the thread activities of many web application clients. Repeated DoS attacks of this kind could flood the server with invalid requests relative to its remaining ability to process valid requests.

Key dates

02 Disclosure timeline

January 18, 2024: CVE published
August 29, 2024: Record updated