CVE-2024-2448 HIGH

CVE-2024-2448: LoadMaster Command Injection Vulnerability

Vendor Progress Software

Product LoadMaster

Weakness CWE-78

Published March 22, 2024

Last update November 15, 2024

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Adjacent

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.

Key dates

02Disclosure timeline

March 22, 2024 CVE published

November 15, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2448

Related vulnerabilities

Identifiers

CVE CVE-2024-2448

CWE CWE-78

CVSS 8.4 / HIGH

Affected versions

Vendor Progress Software

Product LoadMaster

Affected ≥ 7.2.55.0 and < 7.2.59.3 ( LoadMaster GA)

Vendor Progress Software

Product LoadMaster

Affected ≥ 7.2.49.0 and < 7.2.54.9 ( LoadMaster LTSF)

Vendor Progress Software

Product LoadMaster

Affected ≥ 7.2.48.10 and < 7.2.48.11 (LoadMaster LTS)

Vendor Progress Software

Product LoadMaster

Affected ≥ 7.1.35.10 and < 7.1.35.11 (LoadMaster MT)

CVE-2024-2448: LoadMaster Command Injection Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE