CVE-2024-2448
8.4
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Progress Software | LoadMaster | 7.2.55.0 < 7.2.59.3 ( LoadMaster GA) | affected |
| Progress Software | LoadMaster | 7.2.49.0 < 7.2.54.9 ( LoadMaster LTSF) | affected |
| Progress Software | LoadMaster | 7.2.48.10 < 7.2.48.11 (LoadMaster LTS) | affected |
| Progress Software | LoadMaster | 7.1.35.10 < 7.1.35.11 (LoadMaster MT) | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://progress.com/loadmaster
- https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449
References
- https://progress.com/loadmaster
- https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.