Search criteria
28 vulnerabilities found for loadmaster by progress
CVE-2025-1758 (GCVE-0-2025-1758)
Vulnerability from nvd – Published: 2025-03-19 15:28 – Updated: 2025-03-19 17:32
VLAI?
Summary
Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and above
Severity ?
4.3 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
7.2.40.0 , < 7.2.61.1
(LoadMaster)
Affected: 7.1.54.4 , < 7.1.35.14 (Multi Tenancy) |
Credits
Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T17:32:46.165734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:32:53.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.1",
"status": "affected",
"version": "7.2.40.0",
"versionType": "LoadMaster"
},
{
"lessThan": "7.1.35.14",
"status": "affected",
"version": "7.1.54.4",
"versionType": "Multi Tenancy"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer Overflow\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e* LoadMaster: 7.2.40.0 and above\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e* ECS: All versions\u003c/span\u003e\u003c/p\u003e\u003cp\u003e* Multi-Tenancy: 7.1.35.4 and above\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects:\n\n* LoadMaster: 7.2.40.0 and above\n\n* ECS: All versions\n\n* Multi-Tenancy: 7.1.35.4 and above"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:28:09.883Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://docs.progress.com/bundle/release-notes_loadmaster-7-2-61-1/page/Security-Updates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2025-1758",
"datePublished": "2025-03-19T15:28:09.883Z",
"dateReserved": "2025-02-27T16:09:05.410Z",
"dateUpdated": "2025-03-19T17:32:53.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56135 (GCVE-0-2024-56135)
Vulnerability from nvd – Published: 2025-02-05 18:02 – Updated: 2025-02-12 19:41
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
7.2.37.0 , < 7.2.61.0
(LoadMaster)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:36:46.815884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:41:05.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "7.2.37.0",
"versionType": "LoadMaster"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\n\nThis issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:02:29.175Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-56135",
"datePublished": "2025-02-05T18:02:29.175Z",
"dateReserved": "2024-12-16T16:25:36.029Z",
"dateUpdated": "2025-02-12T19:41:05.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56134 (GCVE-0-2024-56134)
Vulnerability from nvd – Published: 2025-02-05 18:02 – Updated: 2025-02-05 18:34
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
All Previous Versions , < 7.2.61.0
(LoadMaster)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:34:35.521140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:34:49.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "All Previous Versions",
"versionType": "LoadMaster"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eMulti-Tenant Hypervisor \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.1.35.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\n\nThis issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.12 and all prior versions \n\n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:02:03.882Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-56134",
"datePublished": "2025-02-05T18:02:03.882Z",
"dateReserved": "2024-12-16T16:25:36.029Z",
"dateUpdated": "2025-02-05T18:34:49.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56133 (GCVE-0-2024-56133)
Vulnerability from nvd – Published: 2025-02-05 18:01 – Updated: 2025-02-05 18:35
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
7.1.35.0 , < 7.2.61.0
(LoadMaster)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:35:36.354907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:35:44.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "7.1.35.0",
"versionType": "LoadMaster"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\n\nThis issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:01:31.031Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-56133",
"datePublished": "2025-02-05T18:01:31.031Z",
"dateReserved": "2024-12-16T16:25:36.028Z",
"dateUpdated": "2025-02-05T18:35:44.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56132 (GCVE-0-2024-56132)
Vulnerability from nvd – Published: 2025-02-05 18:01 – Updated: 2025-02-05 18:38
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
All Previous Versions , < 7.2.61.0
(LoadMaster)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:38:43.675067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:38:55.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "All Previous Versions",
"versionType": "LoadMaster"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\n\nThis issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:01:02.522Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-56132",
"datePublished": "2025-02-05T18:01:02.522Z",
"dateReserved": "2024-12-16T16:25:36.028Z",
"dateUpdated": "2025-02-05T18:38:55.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56131 (GCVE-0-2024-56131)
Vulnerability from nvd – Published: 2025-02-05 18:00 – Updated: 2025-02-05 18:39
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
All Previous Versions , < 7.2.61.0
(LoadMaster)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:39:28.256468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:39:38.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "All Previous Versions",
"versionType": "LoadMaster"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eMulti-Tenant Hypervisor \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.1.35.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\n\nThis issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.12 and all prior versions \n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:00:34.542Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-56131",
"datePublished": "2025-02-05T18:00:34.542Z",
"dateReserved": "2024-12-16T16:25:36.028Z",
"dateUpdated": "2025-02-05T18:39:38.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8755 (GCVE-0-2024-8755)
Vulnerability from nvd – Published: 2024-10-11 14:19 – Updated: 2024-11-15 20:05
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
0 , < 7.2.61.0
(LoadMaster)
|
Credits
Huydoppa from giaohangtietkiem.vn
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T14:47:42.591822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T20:05:53.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "0",
"versionType": "LoadMaster"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Huydoppa from giaohangtietkiem.vn"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eMulti-Tenant Hypervisor \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.1.35.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:\n\n\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.12 and all prior versions \n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T14:19:45.909Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/30297374715661-LoadMaster-Security-Vulnerability-CVE-2024-8755"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-8755",
"datePublished": "2024-10-11T14:19:45.909Z",
"dateReserved": "2024-09-12T14:52:47.333Z",
"dateUpdated": "2024-11-15T20:05:53.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6658 (GCVE-0-2024-6658)
Vulnerability from nvd – Published: 2024-09-12 14:38 – Updated: 2024-09-23 19:19
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.0 (inclusive)
From 7.2.49.0 to 7.2.54.11 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.11 and all prior versions
ECS
All prior versions to 7.2.60.0 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
All Previous Versions , < 7.2.60.1
(LoadMaster)
|
Credits
Huydoppa from giaohangtietkiem.vn
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThanOrEqual": "7.2.48.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.2.54.12",
"status": "affected",
"version": "7.2.49.0",
"versionType": "custom"
},
{
"lessThan": "7.2.60.1",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster_mt:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "loadmaster_mt",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.1.35.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:52:16.894185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:55:48.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.60.1",
"status": "affected",
"version": "All Previous Versions",
"versionType": "LoadMaster"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Huydoppa from giaohangtietkiem.vn"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.0 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.11 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eMulti-Tenant Hypervisor \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.1.35.11 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.0 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.0 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.11 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.11 and all prior versions \n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.0 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T19:19:19.461Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/28910587250701"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-6658",
"datePublished": "2024-09-12T14:38:48.129Z",
"dateReserved": "2024-07-10T14:36:47.692Z",
"dateUpdated": "2024-09-23T19:19:19.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7591 (GCVE-0-2024-7591)
Vulnerability from nvd – Published: 2024-09-05 17:16 – Updated: 2025-02-18 15:36
VLAI?
Title
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
Summary
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and above
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
7.2.40.0 , < 7.2.60.1
(LoadMaster)
|
Credits
Florian Grunow - ERNW
Marius Walter - ERNW
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThanOrEqual": "7.2.60.0",
"status": "affected",
"version": "7.2.40.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster_mt:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "loadmaster_mt",
"vendor": "kemptechnologies",
"versions": [
{
"lessThanOrEqual": "7.1.35.11",
"status": "affected",
"version": "7.1.35.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T03:55:17.125312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:42:57.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.60.1",
"status": "affected",
"version": "7.2.40.0",
"versionType": "LoadMaster"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florian Grunow - ERNW"
},
{
"lang": "en",
"type": "finder",
"value": "Marius Walter - ERNW"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e* LoadMaster: 7.2.40.0 and above\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e* ECS: All versions\u003c/span\u003e\u003c/p\u003e\u003cp\u003e* Multi-Tenancy: 7.1.35.4 and above\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects:\n\n* LoadMaster: 7.2.40.0 and above\n\n* ECS: All versions\n\n* Multi-Tenancy: 7.1.35.4 and above"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:36:20.769Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591"
},
{
"url": "https://insinuator.net/2024/11/vulnerability-disclosure-command-injection-in-kemp-loadmaster-load-balancer-cve-2024-7591"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-7591",
"datePublished": "2024-09-05T17:16:30.342Z",
"dateReserved": "2024-08-07T14:49:00.971Z",
"dateUpdated": "2025-02-18T15:36:20.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3544 (GCVE-0-2024-3544)
Vulnerability from nvd – Published: 2024-05-02 14:08 – Updated: 2024-08-01 20:12
VLAI?
Title
LoadMaster Hardcoded SSH Key
Summary
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.
Severity ?
7.5 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | LoadMaster |
Affected:
LoadMaster 7.2.55.0 (GA) , < 7.2.59.4
(semver)
Affected: LoadMaster 7.2.49.0 (LTSF) , < 7.2.54.10 (semver) Affected: LoadMaster 7.2.48.11 (LTS) , < 7.2.48.12 (semver) |
Credits
Agenzia per la Cybersicurezza Nazionale (ACN)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\\(ga\\):*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.59.4",
"status": "affected",
"version": "7.2.55.0\\(ga\\)",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\\(ltsf\\):*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.54.10",
"status": "affected",
"version": "7.2.49.0\\(ltsf\\)",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\\(lts\\):*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.12",
"status": "affected",
"version": "7.2.48.11\\(lts\\)",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T21:03:12.546232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T21:41:23.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LoadMaster",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "7.2.59.4",
"status": "affected",
"version": "LoadMaster 7.2.55.0 (GA)",
"versionType": "semver"
},
{
"lessThan": "7.2.54.10",
"status": "affected",
"version": "LoadMaster 7.2.49.0 (LTSF)",
"versionType": "semver"
},
{
"lessThan": "7.2.48.12",
"status": "affected",
"version": "LoadMaster 7.2.48.11 (LTS)",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Agenzia per la Cybersicurezza Nazionale (ACN)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUnauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.\n\n"
}
],
"value": "\nUnauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115: Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T11:59:50.733Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LoadMaster Hardcoded SSH Key",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-3544",
"datePublished": "2024-05-02T14:08:06.683Z",
"dateReserved": "2024-04-09T18:05:52.839Z",
"dateUpdated": "2024-08-01T20:12:07.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3543 (GCVE-0-2024-3543)
Vulnerability from nvd – Published: 2024-05-02 14:05 – Updated: 2024-08-08 14:59
VLAI?
Title
LoadMaster Reversible Password Encryption Algorithm
Summary
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.
Severity ?
6.4 (Medium)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | LoadMaster |
Affected:
LoadMaster 7.2.55.0 (GA) , < 7.2.59.4
(semver)
Affected: LoadMaster 7.2.49.0 (LTSF) , < 7.2.54.10 (semver) Affected: LoadMaster 7.2.48.11 (LTS) , < 7.2.48.12 (semver) |
Credits
Agenzia per la Cybersicurezza Nazionale (ACN)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\\(lts\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.12",
"status": "affected",
"version": "7.2.48.11\\(lts\\)",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\\(ltsf\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.54.10",
"status": "affected",
"version": "7.2.49.0\\(ltsf\\)",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\\(ga\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.5.59.4",
"status": "affected",
"version": "7.2.55.0\\(ga\\)",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T15:51:54.344919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:59:24.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LoadMaster",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "7.2.59.4",
"status": "affected",
"version": "LoadMaster 7.2.55.0 (GA)",
"versionType": "semver"
},
{
"lessThan": "7.2.54.10",
"status": "affected",
"version": "LoadMaster 7.2.49.0 (LTSF)",
"versionType": "semver"
},
{
"lessThan": "7.2.48.12",
"status": "affected",
"version": "LoadMaster 7.2.48.11 (LTS)",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Agenzia per la Cybersicurezza Nazionale (ACN)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u0026nbsp; Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"
}
],
"value": "\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u00a0 Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37: Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T11:59:41.919Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LoadMaster Reversible Password Encryption Algorithm",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-3543",
"datePublished": "2024-05-02T14:05:26.748Z",
"dateReserved": "2024-04-09T18:05:51.821Z",
"dateUpdated": "2024-08-08T14:59:24.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2449 (GCVE-0-2024-2449)
Vulnerability from nvd – Published: 2024-03-22 13:35 – Updated: 2024-08-12 19:23
VLAI?
Title
LoadMaster Cross-Site Request Forgery (CSRF)
Summary
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.
Severity ?
7.5 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software | LoadMaster |
Affected:
7.2.55.0 , < 7.2.59.3 ( LoadMaster GA)
(semver)
Affected: 7.2.49.0 , < 7.2.54.9 ( LoadMaster LTSF) (semver) Affected: 7.2.48.10 , < 7.2.48.11 (LoadMaster LTS) (semver) Affected: 7.1.35.10 , < 7.1.35.11 (LoadMaster MT) (semver) |
Credits
Rhino Security Labs - David Yesland
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://progress.com/loadmaster"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.59.3",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:progress:loadmaster:*:*:*:*:lts:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "progress",
"versions": [
{
"lessThan": "7.2.48.11",
"status": "affected",
"version": "7.2.48.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:progress:loadmaster:*:*:*:*:ltsf:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "progress",
"versions": [
{
"lessThan": "7.2.54.9",
"status": "affected",
"version": "7.2.49.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:progress:loadmaster:*:*:*:*:ml:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "progress",
"versions": [
{
"lessThan": "7.1.35.11",
"status": "affected",
"version": "7.1.35.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-22T14:59:39.862131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:23:36.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"LoadMaster",
"Multi-Tenancy",
"ECS Connection Manager",
"LM 360 Connector"
],
"product": "LoadMaster",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "7.2.59.3 ( LoadMaster GA)",
"status": "affected",
"version": "7.2.55.0",
"versionType": "semver"
},
{
"lessThan": "7.2.54.9 ( LoadMaster LTSF)",
"status": "affected",
"version": "7.2.49.0",
"versionType": "semver"
},
{
"lessThan": "7.2.48.11 (LoadMaster LTS)",
"status": "affected",
"version": "7.2.48.10",
"versionType": "semver"
},
{
"lessThan": "7.1.35.11 (LoadMaster MT)",
"status": "affected",
"version": "7.1.35.10",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rhino Security Labs - David Yesland"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cross-site request forgery vulnerability has been identified in LoadMaster.\u0026nbsp; It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator."
}
],
"value": "A cross-site request forgery vulnerability has been identified in LoadMaster.\u00a0 It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T13:35:39.103Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://progress.com/loadmaster"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LoadMaster Cross-Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-2449",
"datePublished": "2024-03-22T13:35:39.103Z",
"dateReserved": "2024-03-14T12:32:14.175Z",
"dateUpdated": "2024-08-12T19:23:36.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2448 (GCVE-0-2024-2448)
Vulnerability from nvd – Published: 2024-03-22 13:32 – Updated: 2024-11-15 20:05
VLAI?
Title
LoadMaster Command Injection Vulnerability
Summary
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.
Severity ?
8.4 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software | LoadMaster |
Affected:
7.2.55.0 , < 7.2.59.3 ( LoadMaster GA)
(semver)
Affected: 7.2.49.0 , < 7.2.54.9 ( LoadMaster LTSF) (semver) Affected: 7.2.48.10 , < 7.2.48.11 (LoadMaster LTS) (semver) Affected: 7.1.35.10 , < 7.1.35.11 (LoadMaster MT) (semver) |
Credits
Rhino Security Labs - David Yesland
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.59.3",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.54.9",
"status": "affected",
"version": "7.2.49.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.11",
"status": "affected",
"version": "7.2.48.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.1.35.11",
"status": "affected",
"version": "7.1.35.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T16:42:59.399950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T20:05:31.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://progress.com/loadmaster"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"LoadMaster",
"Multi-Tenancy"
],
"product": "LoadMaster",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "7.2.59.3 ( LoadMaster GA)",
"status": "affected",
"version": "7.2.55.0",
"versionType": "semver"
},
{
"lessThan": "7.2.54.9 ( LoadMaster LTSF)",
"status": "affected",
"version": "7.2.49.0",
"versionType": "semver"
},
{
"lessThan": "7.2.48.11 (LoadMaster LTS)",
"status": "affected",
"version": "7.2.48.10",
"versionType": "semver"
},
{
"lessThan": "7.1.35.11 (LoadMaster MT)",
"status": "affected",
"version": "7.1.35.10",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rhino Security Labs - David Yesland"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability has been identified in LoadMaster.\u0026nbsp; An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection."
}
],
"value": "An OS command injection vulnerability has been identified in LoadMaster.\u00a0 An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
},
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T13:32:43.657Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://progress.com/loadmaster"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LoadMaster Command Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-2448",
"datePublished": "2024-03-22T13:32:43.657Z",
"dateReserved": "2024-03-14T12:32:13.199Z",
"dateUpdated": "2024-11-15T20:05:31.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1212 (GCVE-0-2024-1212)
Vulnerability from nvd – Published: 2024-02-21 17:39 – Updated: 2025-10-21 23:05
VLAI?
Title
LoadMaster Pre-Authenticated OS Command Injection
Summary
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software | LoadMaster |
Affected:
7.2.48.1 , < 7.2.48.10
(semver)
Affected: 7.2.54.0 , < 7.2.54.8 (semver) Affected: 7.2.55.0 , < 7.2.59.2 (semver) |
Credits
Rhino Security Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:24.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://freeloadbalancer.com/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.10",
"status": "affected",
"version": "7.2.48.1",
"versionType": "custom"
},
{
"lessThan": "7.2.54.8",
"status": "affected",
"version": "7.2.54.0",
"versionType": "custom"
},
{
"lessThan": "7.2.59.2",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.10",
"status": "affected",
"version": "7.2.48.1",
"versionType": "custom"
},
{
"lessThan": "7.2.54.8",
"status": "affected",
"version": "7.2.54.0",
"versionType": "custom"
},
{
"lessThan": "7.2.59.2",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.10",
"status": "affected",
"version": "7.2.48.1",
"versionType": "custom"
},
{
"lessThan": "7.2.54.8",
"status": "affected",
"version": "7.2.54.0",
"versionType": "custom"
},
{
"lessThan": "7.2.59.2",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1212",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T04:55:44.568916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-18",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1212"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:23.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1212"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-18T00:00:00+00:00",
"value": "CVE-2024-1212 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"LoadMaster Management Interface"
],
"platforms": [
"Linux"
],
"product": "LoadMaster",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "7.2.48.10",
"status": "affected",
"version": "7.2.48.1",
"versionType": "semver"
},
{
"lessThan": "7.2.54.8",
"status": "affected",
"version": "7.2.54.0",
"versionType": "semver"
},
{
"lessThan": "7.2.59.2",
"status": "affected",
"version": "7.2.55.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rhino Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T20:45:42.781Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"product"
],
"url": "https://freeloadbalancer.com/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LoadMaster Pre-Authenticated OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-1212",
"datePublished": "2024-02-21T17:39:12.599Z",
"dateReserved": "2024-02-02T18:16:01.280Z",
"dateUpdated": "2025-10-21T23:05:23.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1758 (GCVE-0-2025-1758)
Vulnerability from cvelistv5 – Published: 2025-03-19 15:28 – Updated: 2025-03-19 17:32
VLAI?
Summary
Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and above
Severity ?
4.3 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
7.2.40.0 , < 7.2.61.1
(LoadMaster)
Affected: 7.1.54.4 , < 7.1.35.14 (Multi Tenancy) |
Credits
Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T17:32:46.165734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:32:53.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.1",
"status": "affected",
"version": "7.2.40.0",
"versionType": "LoadMaster"
},
{
"lessThan": "7.1.35.14",
"status": "affected",
"version": "7.1.54.4",
"versionType": "Multi Tenancy"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer Overflow\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e* LoadMaster: 7.2.40.0 and above\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e* ECS: All versions\u003c/span\u003e\u003c/p\u003e\u003cp\u003e* Multi-Tenancy: 7.1.35.4 and above\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects:\n\n* LoadMaster: 7.2.40.0 and above\n\n* ECS: All versions\n\n* Multi-Tenancy: 7.1.35.4 and above"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:28:09.883Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://docs.progress.com/bundle/release-notes_loadmaster-7-2-61-1/page/Security-Updates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2025-1758",
"datePublished": "2025-03-19T15:28:09.883Z",
"dateReserved": "2025-02-27T16:09:05.410Z",
"dateUpdated": "2025-03-19T17:32:53.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56135 (GCVE-0-2024-56135)
Vulnerability from cvelistv5 – Published: 2025-02-05 18:02 – Updated: 2025-02-12 19:41
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
7.2.37.0 , < 7.2.61.0
(LoadMaster)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56135",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:36:46.815884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:41:05.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "7.2.37.0",
"versionType": "LoadMaster"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\n\nThis issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:02:29.175Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-56135",
"datePublished": "2025-02-05T18:02:29.175Z",
"dateReserved": "2024-12-16T16:25:36.029Z",
"dateUpdated": "2025-02-12T19:41:05.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56134 (GCVE-0-2024-56134)
Vulnerability from cvelistv5 – Published: 2025-02-05 18:02 – Updated: 2025-02-05 18:34
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
All Previous Versions , < 7.2.61.0
(LoadMaster)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:34:35.521140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:34:49.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "All Previous Versions",
"versionType": "LoadMaster"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eMulti-Tenant Hypervisor \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.1.35.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\n\nThis issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.12 and all prior versions \n\n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:02:03.882Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-56134",
"datePublished": "2025-02-05T18:02:03.882Z",
"dateReserved": "2024-12-16T16:25:36.029Z",
"dateUpdated": "2025-02-05T18:34:49.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56133 (GCVE-0-2024-56133)
Vulnerability from cvelistv5 – Published: 2025-02-05 18:01 – Updated: 2025-02-05 18:35
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
7.1.35.0 , < 7.2.61.0
(LoadMaster)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:35:36.354907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:35:44.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "7.1.35.0",
"versionType": "LoadMaster"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\n\nThis issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:01:31.031Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-56133",
"datePublished": "2025-02-05T18:01:31.031Z",
"dateReserved": "2024-12-16T16:25:36.028Z",
"dateUpdated": "2025-02-05T18:35:44.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56132 (GCVE-0-2024-56132)
Vulnerability from cvelistv5 – Published: 2025-02-05 18:01 – Updated: 2025-02-05 18:38
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
All Previous Versions , < 7.2.61.0
(LoadMaster)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:38:43.675067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:38:55.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "All Previous Versions",
"versionType": "LoadMaster"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\n\nThis issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:01:02.522Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-56132",
"datePublished": "2025-02-05T18:01:02.522Z",
"dateReserved": "2024-12-16T16:25:36.028Z",
"dateUpdated": "2025-02-05T18:38:55.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56131 (GCVE-0-2024-56131)
Vulnerability from cvelistv5 – Published: 2025-02-05 18:00 – Updated: 2025-02-05 18:39
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
All Previous Versions , < 7.2.61.0
(LoadMaster)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:39:28.256468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:39:38.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "All Previous Versions",
"versionType": "LoadMaster"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nImproper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eMulti-Tenant Hypervisor \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.1.35.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\n\nThis issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.12 and all prior versions \n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:00:34.542Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-56131",
"datePublished": "2025-02-05T18:00:34.542Z",
"dateReserved": "2024-12-16T16:25:36.028Z",
"dateUpdated": "2025-02-05T18:39:38.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8755 (GCVE-0-2024-8755)
Vulnerability from cvelistv5 – Published: 2024-10-11 14:19 – Updated: 2024-11-15 20:05
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.1 (inclusive)
From 7.2.49.0 to 7.2.54.12 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.12 and all prior versions
ECS
All prior versions to 7.2.60.1 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
0 , < 7.2.61.0
(LoadMaster)
|
Credits
Huydoppa from giaohangtietkiem.vn
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T14:47:42.591822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T20:05:53.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.0",
"status": "affected",
"version": "0",
"versionType": "LoadMaster"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Huydoppa from giaohangtietkiem.vn"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.1 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.12 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eMulti-Tenant Hypervisor \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.1.35.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.1 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:\n\n\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.1 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.12 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.12 and all prior versions \n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.1 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T14:19:45.909Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/30297374715661-LoadMaster-Security-Vulnerability-CVE-2024-8755"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-8755",
"datePublished": "2024-10-11T14:19:45.909Z",
"dateReserved": "2024-09-12T14:52:47.333Z",
"dateUpdated": "2024-11-15T20:05:53.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6658 (GCVE-0-2024-6658)
Vulnerability from cvelistv5 – Published: 2024-09-12 14:38 – Updated: 2024-09-23 19:19
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:
Product
Affected Versions
LoadMaster
From 7.2.55.0 to 7.2.60.0 (inclusive)
From 7.2.49.0 to 7.2.54.11 (inclusive)
7.2.48.12 and all prior versions
Multi-Tenant Hypervisor
7.1.35.11 and all prior versions
ECS
All prior versions to 7.2.60.0 (inclusive)
Severity ?
8.4 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
All Previous Versions , < 7.2.60.1
(LoadMaster)
|
Credits
Huydoppa from giaohangtietkiem.vn
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThanOrEqual": "7.2.48.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "7.2.54.12",
"status": "affected",
"version": "7.2.49.0",
"versionType": "custom"
},
{
"lessThan": "7.2.60.1",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster_mt:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "loadmaster_mt",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.1.35.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:52:16.894185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:55:48.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.60.1",
"status": "affected",
"version": "All Previous Versions",
"versionType": "LoadMaster"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Huydoppa from giaohangtietkiem.vn"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.0 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.11 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eMulti-Tenant Hypervisor \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.1.35.11 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.0 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.0 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.11 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.11 and all prior versions \n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.0 (inclusive)"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T19:19:19.461Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/28910587250701"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-6658",
"datePublished": "2024-09-12T14:38:48.129Z",
"dateReserved": "2024-07-10T14:36:47.692Z",
"dateUpdated": "2024-09-23T19:19:19.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7591 (GCVE-0-2024-7591)
Vulnerability from cvelistv5 – Published: 2024-09-05 17:16 – Updated: 2025-02-18 15:36
VLAI?
Title
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection
Summary
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and above
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress | LoadMaster |
Affected:
7.2.40.0 , < 7.2.60.1
(LoadMaster)
|
Credits
Florian Grunow - ERNW
Marius Walter - ERNW
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThanOrEqual": "7.2.60.0",
"status": "affected",
"version": "7.2.40.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster_mt:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "loadmaster_mt",
"vendor": "kemptechnologies",
"versions": [
{
"lessThanOrEqual": "7.1.35.11",
"status": "affected",
"version": "7.1.35.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T03:55:17.125312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:42:57.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.60.1",
"status": "affected",
"version": "7.2.40.0",
"versionType": "LoadMaster"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florian Grunow - ERNW"
},
{
"lang": "en",
"type": "finder",
"value": "Marius Walter - ERNW"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e* LoadMaster: 7.2.40.0 and above\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e* ECS: All versions\u003c/span\u003e\u003c/p\u003e\u003cp\u003e* Multi-Tenancy: 7.1.35.4 and above\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects:\n\n* LoadMaster: 7.2.40.0 and above\n\n* ECS: All versions\n\n* Multi-Tenancy: 7.1.35.4 and above"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:36:20.769Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591"
},
{
"url": "https://insinuator.net/2024/11/vulnerability-disclosure-command-injection-in-kemp-loadmaster-load-balancer-cve-2024-7591"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-7591",
"datePublished": "2024-09-05T17:16:30.342Z",
"dateReserved": "2024-08-07T14:49:00.971Z",
"dateUpdated": "2025-02-18T15:36:20.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3544 (GCVE-0-2024-3544)
Vulnerability from cvelistv5 – Published: 2024-05-02 14:08 – Updated: 2024-08-01 20:12
VLAI?
Title
LoadMaster Hardcoded SSH Key
Summary
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.
Severity ?
7.5 (High)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | LoadMaster |
Affected:
LoadMaster 7.2.55.0 (GA) , < 7.2.59.4
(semver)
Affected: LoadMaster 7.2.49.0 (LTSF) , < 7.2.54.10 (semver) Affected: LoadMaster 7.2.48.11 (LTS) , < 7.2.48.12 (semver) |
Credits
Agenzia per la Cybersicurezza Nazionale (ACN)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\\(ga\\):*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.59.4",
"status": "affected",
"version": "7.2.55.0\\(ga\\)",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\\(ltsf\\):*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.54.10",
"status": "affected",
"version": "7.2.49.0\\(ltsf\\)",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\\(lts\\):*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.12",
"status": "affected",
"version": "7.2.48.11\\(lts\\)",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T21:03:12.546232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T21:41:23.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LoadMaster",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "7.2.59.4",
"status": "affected",
"version": "LoadMaster 7.2.55.0 (GA)",
"versionType": "semver"
},
{
"lessThan": "7.2.54.10",
"status": "affected",
"version": "LoadMaster 7.2.49.0 (LTSF)",
"versionType": "semver"
},
{
"lessThan": "7.2.48.12",
"status": "affected",
"version": "LoadMaster 7.2.48.11 (LTS)",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Agenzia per la Cybersicurezza Nazionale (ACN)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUnauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.\n\n"
}
],
"value": "\nUnauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115: Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T11:59:50.733Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LoadMaster Hardcoded SSH Key",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-3544",
"datePublished": "2024-05-02T14:08:06.683Z",
"dateReserved": "2024-04-09T18:05:52.839Z",
"dateUpdated": "2024-08-01T20:12:07.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3543 (GCVE-0-2024-3543)
Vulnerability from cvelistv5 – Published: 2024-05-02 14:05 – Updated: 2024-08-08 14:59
VLAI?
Title
LoadMaster Reversible Password Encryption Algorithm
Summary
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.
Severity ?
6.4 (Medium)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software Corporation | LoadMaster |
Affected:
LoadMaster 7.2.55.0 (GA) , < 7.2.59.4
(semver)
Affected: LoadMaster 7.2.49.0 (LTSF) , < 7.2.54.10 (semver) Affected: LoadMaster 7.2.48.11 (LTS) , < 7.2.48.12 (semver) |
Credits
Agenzia per la Cybersicurezza Nazionale (ACN)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.48.11\\(lts\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.12",
"status": "affected",
"version": "7.2.48.11\\(lts\\)",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.49.0\\(ltsf\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.54.10",
"status": "affected",
"version": "7.2.49.0\\(ltsf\\)",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:7.2.55.0\\(ga\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.5.59.4",
"status": "affected",
"version": "7.2.55.0\\(ga\\)",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T15:51:54.344919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:59:24.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "LoadMaster",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "7.2.59.4",
"status": "affected",
"version": "LoadMaster 7.2.55.0 (GA)",
"versionType": "semver"
},
{
"lessThan": "7.2.54.10",
"status": "affected",
"version": "LoadMaster 7.2.49.0 (LTSF)",
"versionType": "semver"
},
{
"lessThan": "7.2.48.12",
"status": "affected",
"version": "LoadMaster 7.2.48.11 (LTS)",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Agenzia per la Cybersicurezza Nazionale (ACN)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u0026nbsp; Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"
}
],
"value": "\nUse of reversible password encryption algorithm allows attackers to decrypt passwords.\u00a0 Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37: Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257: Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T11:59:41.919Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LoadMaster Reversible Password Encryption Algorithm",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-3543",
"datePublished": "2024-05-02T14:05:26.748Z",
"dateReserved": "2024-04-09T18:05:51.821Z",
"dateUpdated": "2024-08-08T14:59:24.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2449 (GCVE-0-2024-2449)
Vulnerability from cvelistv5 – Published: 2024-03-22 13:35 – Updated: 2024-08-12 19:23
VLAI?
Title
LoadMaster Cross-Site Request Forgery (CSRF)
Summary
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.
Severity ?
7.5 (High)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software | LoadMaster |
Affected:
7.2.55.0 , < 7.2.59.3 ( LoadMaster GA)
(semver)
Affected: 7.2.49.0 , < 7.2.54.9 ( LoadMaster LTSF) (semver) Affected: 7.2.48.10 , < 7.2.48.11 (LoadMaster LTS) (semver) Affected: 7.1.35.10 , < 7.1.35.11 (LoadMaster MT) (semver) |
Credits
Rhino Security Labs - David Yesland
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://progress.com/loadmaster"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.59.3",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:progress:loadmaster:*:*:*:*:lts:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "progress",
"versions": [
{
"lessThan": "7.2.48.11",
"status": "affected",
"version": "7.2.48.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:progress:loadmaster:*:*:*:*:ltsf:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "progress",
"versions": [
{
"lessThan": "7.2.54.9",
"status": "affected",
"version": "7.2.49.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:progress:loadmaster:*:*:*:*:ml:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "progress",
"versions": [
{
"lessThan": "7.1.35.11",
"status": "affected",
"version": "7.1.35.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-22T14:59:39.862131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:23:36.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"LoadMaster",
"Multi-Tenancy",
"ECS Connection Manager",
"LM 360 Connector"
],
"product": "LoadMaster",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "7.2.59.3 ( LoadMaster GA)",
"status": "affected",
"version": "7.2.55.0",
"versionType": "semver"
},
{
"lessThan": "7.2.54.9 ( LoadMaster LTSF)",
"status": "affected",
"version": "7.2.49.0",
"versionType": "semver"
},
{
"lessThan": "7.2.48.11 (LoadMaster LTS)",
"status": "affected",
"version": "7.2.48.10",
"versionType": "semver"
},
{
"lessThan": "7.1.35.11 (LoadMaster MT)",
"status": "affected",
"version": "7.1.35.10",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rhino Security Labs - David Yesland"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cross-site request forgery vulnerability has been identified in LoadMaster.\u0026nbsp; It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator."
}
],
"value": "A cross-site request forgery vulnerability has been identified in LoadMaster.\u00a0 It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T13:35:39.103Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://progress.com/loadmaster"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LoadMaster Cross-Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-2449",
"datePublished": "2024-03-22T13:35:39.103Z",
"dateReserved": "2024-03-14T12:32:14.175Z",
"dateUpdated": "2024-08-12T19:23:36.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2448 (GCVE-0-2024-2448)
Vulnerability from cvelistv5 – Published: 2024-03-22 13:32 – Updated: 2024-11-15 20:05
VLAI?
Title
LoadMaster Command Injection Vulnerability
Summary
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.
Severity ?
8.4 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software | LoadMaster |
Affected:
7.2.55.0 , < 7.2.59.3 ( LoadMaster GA)
(semver)
Affected: 7.2.49.0 , < 7.2.54.9 ( LoadMaster LTSF) (semver) Affected: 7.2.48.10 , < 7.2.48.11 (LoadMaster LTS) (semver) Affected: 7.1.35.10 , < 7.1.35.11 (LoadMaster MT) (semver) |
Credits
Rhino Security Labs - David Yesland
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.59.3",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.54.9",
"status": "affected",
"version": "7.2.49.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.11",
"status": "affected",
"version": "7.2.48.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.1.35.11",
"status": "affected",
"version": "7.1.35.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T16:42:59.399950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T20:05:31.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://progress.com/loadmaster"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"LoadMaster",
"Multi-Tenancy"
],
"product": "LoadMaster",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "7.2.59.3 ( LoadMaster GA)",
"status": "affected",
"version": "7.2.55.0",
"versionType": "semver"
},
{
"lessThan": "7.2.54.9 ( LoadMaster LTSF)",
"status": "affected",
"version": "7.2.49.0",
"versionType": "semver"
},
{
"lessThan": "7.2.48.11 (LoadMaster LTS)",
"status": "affected",
"version": "7.2.48.10",
"versionType": "semver"
},
{
"lessThan": "7.1.35.11 (LoadMaster MT)",
"status": "affected",
"version": "7.1.35.10",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rhino Security Labs - David Yesland"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An OS command injection vulnerability has been identified in LoadMaster.\u0026nbsp; An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection."
}
],
"value": "An OS command injection vulnerability has been identified in LoadMaster.\u00a0 An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88: OS Command Injection"
}
]
},
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T13:32:43.657Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://progress.com/loadmaster"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LoadMaster Command Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-2448",
"datePublished": "2024-03-22T13:32:43.657Z",
"dateReserved": "2024-03-14T12:32:13.199Z",
"dateUpdated": "2024-11-15T20:05:31.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1212 (GCVE-0-2024-1212)
Vulnerability from cvelistv5 – Published: 2024-02-21 17:39 – Updated: 2025-10-21 23:05
VLAI?
Title
LoadMaster Pre-Authenticated OS Command Injection
Summary
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Severity ?
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Progress Software | LoadMaster |
Affected:
7.2.48.1 , < 7.2.48.10
(semver)
Affected: 7.2.54.0 , < 7.2.54.8 (semver) Affected: 7.2.55.0 , < 7.2.59.2 (semver) |
Credits
Rhino Security Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:24.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://freeloadbalancer.com/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.10",
"status": "affected",
"version": "7.2.48.1",
"versionType": "custom"
},
{
"lessThan": "7.2.54.8",
"status": "affected",
"version": "7.2.54.0",
"versionType": "custom"
},
{
"lessThan": "7.2.59.2",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.10",
"status": "affected",
"version": "7.2.48.1",
"versionType": "custom"
},
{
"lessThan": "7.2.54.8",
"status": "affected",
"version": "7.2.54.0",
"versionType": "custom"
},
{
"lessThan": "7.2.59.2",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "loadmaster",
"vendor": "kemptechnologies",
"versions": [
{
"lessThan": "7.2.48.10",
"status": "affected",
"version": "7.2.48.1",
"versionType": "custom"
},
{
"lessThan": "7.2.54.8",
"status": "affected",
"version": "7.2.54.0",
"versionType": "custom"
},
{
"lessThan": "7.2.59.2",
"status": "affected",
"version": "7.2.55.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1212",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T04:55:44.568916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-11-18",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1212"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:23.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1212"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-18T00:00:00+00:00",
"value": "CVE-2024-1212 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"LoadMaster Management Interface"
],
"platforms": [
"Linux"
],
"product": "LoadMaster",
"vendor": "Progress Software",
"versions": [
{
"lessThan": "7.2.48.10",
"status": "affected",
"version": "7.2.48.1",
"versionType": "semver"
},
{
"lessThan": "7.2.54.8",
"status": "affected",
"version": "7.2.54.0",
"versionType": "semver"
},
{
"lessThan": "7.2.59.2",
"status": "affected",
"version": "7.2.55.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rhino Security Labs"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 API Manipulation"
}
]
},
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
},
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T20:45:42.781Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"tags": [
"product"
],
"url": "https://kemptechnologies.com/"
},
{
"tags": [
"product"
],
"url": "https://freeloadbalancer.com/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LoadMaster Pre-Authenticated OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2024-1212",
"datePublished": "2024-02-21T17:39:12.599Z",
"dateReserved": "2024-02-02T18:16:01.280Z",
"dateUpdated": "2025-10-21T23:05:23.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}