CVE-2024-2448

Summary

An OS command injection vulnerability has been identified in LoadMaster.  An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareLoadMaster7.2.55.0 < 7.2.59.3 ( LoadMaster GA)affected
Progress SoftwareLoadMaster7.2.49.0 < 7.2.54.9 ( LoadMaster LTSF)affected
Progress SoftwareLoadMaster7.2.48.10 < 7.2.48.11 (LoadMaster LTS)affected
Progress SoftwareLoadMaster7.1.35.10 < 7.1.35.11 (LoadMaster MT)affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References