CVE-2024-6658 (GCVE-0-2024-6658)

Vulnerability from cvelistv5 – Published: 2024-09-12 14:38 – Updated: 2024-09-23 19:19
VLAI?
Title
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
Summary
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0 (inclusive)    From 7.2.49.0 to 7.2.54.11 (inclusive)    7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.11 and all prior versions ECS All prior versions to 7.2.60.0 (inclusive)
Severity ?
8.4 (High)
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
Progress LoadMaster Affected: All Previous Versions , < 7.2.60.1 (LoadMaster)
Create a notification for this product.
Credits
Huydoppa from giaohangtietkiem.vn
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "loadmaster",
            "vendor": "kemptechnologies",
            "versions": [
              {
                "lessThanOrEqual": "7.2.48.12",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.2.54.12",
                "status": "affected",
                "version": "7.2.49.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.2.60.1",
                "status": "affected",
                "version": "7.2.55.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:kemptechnologies:loadmaster_mt:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "loadmaster_mt",
            "vendor": "kemptechnologies",
            "versions": [
              {
                "lessThan": "7.1.35.12",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6658",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T14:52:16.894185Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T14:55:48.364Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LoadMaster",
          "vendor": "Progress",
          "versions": [
            {
              "lessThan": "7.2.60.1",
              "status": "affected",
              "version": "All Previous Versions",
              "versionType": "LoadMaster"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Huydoppa from giaohangtietkiem.vn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.\u003cp\u003eThis issue affects:\u003c/p\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.0 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.11 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eMulti-Tenant Hypervisor \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.1.35.11 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\u003cbr\u003e\n\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.0 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:\n\n\n\n\u202fProduct \n\n\n\n\n\nAffected Versions \n\n\n\n\n\nLoadMaster \n\n\n\n\n\nFrom 7.2.55.0 to 7.2.60.0 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\nFrom 7.2.49.0 to 7.2.54.11 (inclusive) \n\n\n\n\n\n\u202f\u00a0\n\n\n\n\n\n7.2.48.12 and all prior versions \n\n\n\n\n\n\n\n\nMulti-Tenant Hypervisor \n\n\n\n\n\n7.1.35.11 and all prior versions \n\n\n\n\n\n\n\n\n\n\nECS\n\n\n\n\n\nAll prior versions to 7.2.60.0 (inclusive)"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-88",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-88: OS Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-23T19:19:19.461Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://support.kemptechnologies.com/hc/en-us/articles/28910587250701"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2024-6658",
    "datePublished": "2024-09-12T14:38:48.129Z",
    "dateReserved": "2024-07-10T14:36:47.692Z",
    "dateUpdated": "2024-09-23T19:19:19.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:\\n\\n\\n\\n\\u202fProduct \\n\\n\\n\\n\\n\\nAffected Versions \\n\\n\\n\\n\\n\\nLoadMaster \\n\\n\\n\\n\\n\\nFrom 7.2.55.0 to 7.2.60.0 (inclusive) \\n\\n\\n\\n\\n\\n\\u202f\\u00a0\\n\\n\\n\\n\\n\\nFrom 7.2.49.0 to 7.2.54.11 (inclusive) \\n\\n\\n\\n\\n\\n\\u202f\\u00a0\\n\\n\\n\\n\\n\\n7.2.48.12 and all prior versions \\n\\n\\n\\n\\n\\n\\n\\n\\nMulti-Tenant Hypervisor \\n\\n\\n\\n\\n\\n7.1.35.11 and all prior versions \\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nECS\\n\\n\\n\\n\\n\\nAll prior versions to 7.2.60.0 (inclusive)\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de validaci\\u00f3n de entrada incorrecta de usuario autenticado en progreso LoadMaster permite la inyecci\\u00f3n de comandos del sistema operativo. Este problema afecta a: ?Producto Versiones afectadas LoadMaster De 7.2.55.0 a 7.2.60.0 (inclusive) ? De 7.2.49.0 a 7.2.54.11 (inclusive) ? 7.2.48.12 y todas las versiones anteriores Hipervisor multiinquilino 7.1.35.11 y todas las versiones anteriores ECS Todas las versiones anteriores a 7.2.60.0 (inclusive)\"}]",
      "id": "CVE-2024-6658",
      "lastModified": "2024-09-23T20:15:05.560",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@progress.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 6.0}]}",
      "published": "2024-09-12T15:18:26.543",
      "references": "[{\"url\": \"https://support.kemptechnologies.com/hc/en-us/articles/28910587250701\", \"source\": \"security@progress.com\"}]",
      "sourceIdentifier": "security@progress.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security@progress.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-6658\",\"sourceIdentifier\":\"security@progress.com\",\"published\":\"2024-09-12T15:18:26.543\",\"lastModified\":\"2025-07-30T16:24:22.697\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:\\n\\n\\n\\n\u202fProduct \\n\\n\\n\\n\\n\\nAffected Versions \\n\\n\\n\\n\\n\\nLoadMaster \\n\\n\\n\\n\\n\\nFrom 7.2.55.0 to 7.2.60.0 (inclusive) \\n\\n\\n\\n\\n\\n\u202f\u00a0\\n\\n\\n\\n\\n\\nFrom 7.2.49.0 to 7.2.54.11 (inclusive) \\n\\n\\n\\n\\n\\n\u202f\u00a0\\n\\n\\n\\n\\n\\n7.2.48.12 and all prior versions \\n\\n\\n\\n\\n\\n\\n\\n\\nMulti-Tenant Hypervisor \\n\\n\\n\\n\\n\\n7.1.35.11 and all prior versions \\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nECS\\n\\n\\n\\n\\n\\nAll prior versions to 7.2.60.0 (inclusive)\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de validaci\u00f3n de entrada incorrecta de usuario autenticado en progreso LoadMaster permite la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a: ?Producto Versiones afectadas LoadMaster De 7.2.55.0 a 7.2.60.0 (inclusive) ? De 7.2.49.0 a 7.2.54.11 (inclusive) ? 7.2.48.12 y todas las versiones anteriores Hipervisor multiinquilino 7.1.35.11 y todas las versiones anteriores ECS Todas las versiones anteriores a 7.2.60.0 (inclusive)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.7,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@progress.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:progress:multi-tenant_loadmaster:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1.35.12\",\"matchCriteriaId\":\"16086A48-449E-49BB-BE86-C038FFB22C6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:progress:loadmaster:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.2.48.12\",\"matchCriteriaId\":\"8BF6DDA7-65D0-4678-8F19-CAB4A158EA25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:progress:loadmaster:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.49.0\",\"versionEndExcluding\":\"7.2.54.12\",\"matchCriteriaId\":\"9CEDCF3D-53EA-4DED-B62E-E594BCE165CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:progress:loadmaster:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.55.0\",\"versionEndExcluding\":\"7.2.60.1\",\"matchCriteriaId\":\"29576F74-FD49-4181-BA9C-DBD3FC60B0D6\"}]}]}],\"references\":[{\"url\":\"https://support.kemptechnologies.com/hc/en-us/articles/28910587250701\",\"source\":\"security@progress.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6658\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-12T14:52:16.894185Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:*\"], \"vendor\": \"kemptechnologies\", \"product\": \"loadmaster\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.2.48.12\"}, {\"status\": \"affected\", \"version\": \"7.2.49.0\", \"lessThan\": \"7.2.54.12\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.2.55.0\", \"lessThan\": \"7.2.60.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:2.3:a:kemptechnologies:loadmaster_mt:*:*:*:*:*:*:*:*\"], \"vendor\": \"kemptechnologies\", \"product\": \"loadmaster_mt\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"7.1.35.12\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-12T14:55:40.861Z\"}}], \"cna\": {\"title\": \"Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Huydoppa from giaohangtietkiem.vn\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88: OS Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Progress\", \"product\": \"LoadMaster\", \"versions\": [{\"status\": \"affected\", \"version\": \"All Previous Versions\", \"lessThan\": \"7.2.60.1\", \"versionType\": \"LoadMaster\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://support.kemptechnologies.com/hc/en-us/articles/28910587250701\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:\\n\\n\\n\\n\\u202fProduct \\n\\n\\n\\n\\n\\nAffected Versions \\n\\n\\n\\n\\n\\nLoadMaster \\n\\n\\n\\n\\n\\nFrom 7.2.55.0 to 7.2.60.0 (inclusive) \\n\\n\\n\\n\\n\\n\\u202f\\u00a0\\n\\n\\n\\n\\n\\nFrom 7.2.49.0 to 7.2.54.11 (inclusive) \\n\\n\\n\\n\\n\\n\\u202f\\u00a0\\n\\n\\n\\n\\n\\n7.2.48.12 and all prior versions \\n\\n\\n\\n\\n\\n\\n\\n\\nMulti-Tenant Hypervisor \\n\\n\\n\\n\\n\\n7.1.35.11 and all prior versions \\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nECS\\n\\n\\n\\n\\n\\nAll prior versions to 7.2.60.0 (inclusive)\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.\u003cp\u003eThis issue affects:\u003c/p\u003e\\n\\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\\u202fProduct \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAffected Versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eLoadMaster \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.55.0 to 7.2.60.0 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eFrom 7.2.49.0 to 7.2.54.11 (inclusive) \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e\\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.2.48.12 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\\n\\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eMulti-Tenant Hypervisor \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e7.1.35.11 and all prior versions \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\\n\\n\u003cbr\u003e\\n\\n\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eECS\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003ctd\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAll prior versions to 7.2.60.0 (inclusive)\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\\n\\n\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"shortName\": \"ProgressSoftware\", \"dateUpdated\": \"2024-09-23T19:19:19.461Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-6658\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-23T19:19:19.461Z\", \"dateReserved\": \"2024-07-10T14:36:47.692Z\", \"assignerOrgId\": \"f9fea0b6-671e-4eea-8fde-31911902ae05\", \"datePublished\": \"2024-09-12T14:38:48.129Z\", \"assignerShortName\": \"ProgressSoftware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.