CVE-2024-2449

Summary

A cross-site request forgery vulnerability has been identified in LoadMaster.  It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.

Affected Software

VendorProductVersion RangeStatus
Progress SoftwareLoadMaster7.2.55.0 < 7.2.59.3 ( LoadMaster GA)affected
Progress SoftwareLoadMaster7.2.49.0 < 7.2.54.9 ( LoadMaster LTSF)affected
Progress SoftwareLoadMaster7.2.48.10 < 7.2.48.11 (LoadMaster LTS)affected
Progress SoftwareLoadMaster7.1.35.10 < 7.1.35.11 (LoadMaster MT)affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References