Platform: other
Component: openedge
Fixed in: 11.7.20, 12.2.15
CVE-2024-7345 describes a local code injection vulnerability within OpenEdge. This bypass of security checks in the ABL Client allows an attacker to inject malicious code into Multi-Session Agents. The vulnerability impacts OpenEdge LTS platforms from versions 11.7.0 through 12.8.0, and a fix is available in version 12.8.1.
Successful exploitation of CVE-2024-7345 could grant an attacker unauthorized access and control over the affected OpenEdge system. By injecting malicious code into Multi-Session Agents, an attacker could potentially execute arbitrary commands, steal sensitive data, or even gain persistent access to the system. The impact is particularly concerning in environments where Multi-Session Agents are used to manage critical business processes, as a compromised agent could disrupt operations or lead to data breaches. The blast radius extends to any data processed or managed by the compromised agents.
CVE-2024-7345 was publicly disclosed on September 3, 2024. The vulnerability's impact stems from the ability to bypass security checks, potentially enabling privilege escalation. Currently, there are no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog as of this writing, but its HIGH severity warrants close monitoring.
Organizations heavily reliant on OpenEdge for critical business operations, particularly those utilizing Multi-Session Agents for data processing and management, are at significant risk. Legacy OpenEdge deployments running versions prior to 12.8.1 are especially vulnerable. Shared hosting environments where multiple users share OpenEdge resources also face increased exposure.
• windows / other: Monitor OpenEdge logs for unusual ABL client activity, specifically focusing on attempts to execute unauthorized code. Use Sysinternals tools like Process Monitor to track process creation and network connections related to Multi-Session Agents.
• linux / server: Examine OpenEdge audit logs for suspicious ABL client connections or code execution attempts. Use lsof to identify processes accessing Multi-Session Agent resources.
• generic web: While not directly web-facing, monitor network traffic to and from OpenEdge servers for unusual patterns or connections originating from ABL clients.
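The three detection bullets above all come down to the same check: did an ABL client ask a Multi-Session Agent to run code that is not part of the deployed application? The following is an added example, not code from this page or from Progress, that applies that check to constructed agent log lines. The log format ("... agent=<id> client=<ip> RUN <procedure>"), the approved code root /opt/app/abl and the allowed extensions are assumptions for the example; OpenEdge's real log layout differs, so only the regular expression needs adapting to whatever agent log you actually collect.

```python
"""Flag ABL client RUN requests that fall outside the approved code root.

Added example, not from the page or from Progress. The log line format
below is constructed for illustration and is not OpenEdge's real format.
"""
import posixpath
import re

# Constructed log format: "<timestamp> agent=<id> client=<ip> RUN <procedure path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) agent=(?P<agent>\S+) client=(?P<client>\S+) RUN (?P<proc>\S+)$"
)

APPROVED_ROOT = "/opt/app/abl"      # assumed deployed-code root
ALLOWED_EXT = {".p", ".r"}          # ABL source procedures and compiled r-code


def normalize(proc: str, root: str = APPROVED_ROOT) -> str:
    """Resolve a procedure path relative to the code root and collapse '..' segments."""
    path = proc if proc.startswith("/") else posixpath.join(root, proc)
    return posixpath.normpath(path)


def is_unauthorized(proc: str, root: str = APPROVED_ROOT) -> bool:
    """True when the procedure resolves outside the root or is not ABL code."""
    norm = normalize(proc, root)
    inside = norm == root or norm.startswith(root.rstrip("/") + "/")
    ext = posixpath.splitext(norm)[1].lower()
    return (not inside) or ext not in ALLOWED_EXT


def scan(lines, root: str = APPROVED_ROOT):
    """Return (agent, client, proc) for each suspicious RUN request.

    Lines the regex cannot parse are surfaced as ("unparsed", None, line)
    rather than silently dropped, so a format change does not blind the check.
    """
    hits = []
    for line in lines:
        line = line.strip()
        m = LOG_RE.match(line)
        if not m:
            hits.append(("unparsed", None, line))
            continue
        if is_unauthorized(m["proc"], root):
            hits.append((m["agent"], m["client"], m["proc"]))
    return hits


# Constructed sample log: two legitimate requests, two that should be flagged.
SAMPLE_LOG = [
    "2024-09-03T10:00:01Z agent=msagent-1 client=10.0.0.5 RUN orders/create.p",
    "2024-09-03T10:00:02Z agent=msagent-1 client=10.0.0.5 RUN /opt/app/abl/orders/../billing/invoice.r",
    "2024-09-03T10:00:03Z agent=msagent-2 client=10.0.0.9 RUN ../../../tmp/upload.p",
    "2024-09-03T10:00:04Z agent=msagent-2 client=10.0.0.9 RUN /opt/app/abl/util/run.sh",
]

if __name__ == "__main__":
    for agent, client, proc in scan(SAMPLE_LOG):
        print(f"suspicious RUN: agent={agent} client={client} proc={proc}")
```

The path normalisation matters more than the extension check: a request that starts under the approved root but climbs out with `..` is the case a naive prefix comparison misses, which is why the second sample line is accepted (it stays inside the root after normalisation) while the third is flagged.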
Exploit status: disclosure
EPSS: 0.06% (18th percentile)
CISA SSVC: (none listed)
CVSS vector: (none listed)
The primary mitigation for CVE-2024-7345 is to upgrade to OpenEdge version 12.8.1 or later, which includes the necessary security fixes. If immediate upgrading is not feasible, consider implementing stricter access controls and monitoring Multi-Session Agent activity for suspicious behavior. Review and restrict permissions granted to ABL clients to minimize the potential impact of a successful injection. While a direct workaround is not available, implementing robust logging and auditing of ABL client interactions can aid in detection and incident response. After upgrading, confirm the fix by attempting to trigger the vulnerability and verifying that the security checks are now enforced.
Update OpenEdge to LTS version 11.7.19 or LTS 12.2.14 or later. This will fix the authentication bypass vulnerability in the Multi-Session Agents.
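Because the fix ships on several LTS branches, "am I patched?" is a per-branch comparison rather than a single version threshold. The following is an added example, not from this page or from Progress, that classifies an installed OpenEdge version string against the affected range stated on this page (11.7.0 through 12.8.0) and the fixed builds it lists (11.7.20 and 12.2.15 in the "Fixed in" field, 12.8.1 in the text). Note that the page itself is not consistent: the upgrade advice above names 11.7.19 and 12.2.14, so treat the table in this example as an assumption and take the authoritative fixed builds from the Progress advisory before relying on it.

```python
"""Classify an OpenEdge version against the affected range and per-branch fixes.

Added example, not from the page or from Progress. AFFECTED_RANGE and
FIXED_BUILDS are taken from this page and are assumptions to be confirmed
against the vendor advisory.
"""

AFFECTED_RANGE = ((11, 7, 0), (12, 8, 0))        # inclusive, per the page
FIXED_BUILDS = {                                  # branch -> first fixed build
    (11, 7): (11, 7, 20),
    (12, 2): (12, 2, 15),
    (12, 8): (12, 8, 1),
}
GENERAL_FIX = FIXED_BUILDS[(12, 8)]               # target for branches with no backport


def parse_version(text: str):
    """Parse 'major.minor.patch' into a comparable tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text: str):
    """Return (status, recommended_upgrade).

    status is 'fixed', 'not affected' or 'affected'; recommended_upgrade is the
    fixed build to move to (a string) when status is 'affected', else None.
    """
    v = parse_version(version_text)
    lo, hi = AFFECTED_RANGE
    fixed = FIXED_BUILDS.get(v[:2])
    # A fixed build on the same branch takes precedence over the raw range,
    # since 11.7.20 and 12.2.15 fall inside 11.7.0..12.8.0 numerically.
    if fixed is not None and v >= fixed:
        return ("fixed", None)
    if v < lo or v > hi:
        return ("not affected", None)
    target = fixed if fixed is not None else GENERAL_FIX
    return ("affected", ".".join(str(n) for n in target))


if __name__ == "__main__":
    for sample in ("11.6.9", "11.7.5", "11.7.20", "12.2.14", "12.5.3", "12.8.0", "12.8.1", "12.9.0"):
        print(sample, "->", assess(sample))
```

The branch lookup is what makes a plain range check insufficient: 12.2.15 sits inside 11.7.0..12.8.0 numerically yet is fixed, while 12.5.3 sits inside the range with no backported fix on its branch, so the only remediation the page offers for it is 12.8.1.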
CVE-2024-7345 is a HIGH severity vulnerability affecting OpenEdge versions 11.7.0 through 12.8.0. It allows attackers to inject malicious code into Multi-Session Agents, potentially compromising the system.
If you are running OpenEdge versions 11.7.0 through 12.8.0, you are potentially affected by this vulnerability. Upgrade to version 12.8.1 or later to mitigate the risk.
The recommended fix is to upgrade to OpenEdge version 12.8.1 or later. If upgrading is not immediately possible, implement stricter access controls and monitor Multi-Session Agent activity.
As of September 2024, there are no confirmed reports of active exploitation, but the HIGH severity of the vulnerability warrants proactive mitigation.
Refer to the official Progress OpenEdge security advisory for detailed information and updates: [https://www.progress.com/security-advisories](https://www.progress.com/security-advisories)