CVE-2024-7345 in OpenEdge
Summary
by MITRE • 09/03/2024
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms.
Analysis
by VulDB Data Team • 09/05/2024
CVE-2024-7345 is a critical security flaw in Progress OpenEdge application platforms that affects multiple LTS versions, up to and including 11.7.18 and 12.2.13. The issue lies in the ABL Client component: the authentication and authorization controls that should gate access can be circumvented, allowing an attacker to inject unauthorized code into Multi-Session Agents. Those controls belong to the PASOE (Progress Application Server for OpenEdge) security framework, which is designed to enforce strict access controls and validate user credentials before any code executes within the application server. The flaw stems from insufficient validation of client requests and of the session management processes that should normally prevent unauthorized code execution in multi-session contexts.
Exploitation bypasses the standard security checkpoints that validate client authenticity and authorization level before a code injection operation is permitted. An attacker can therefore submit code requests that the security system would normally reject and have them executed in the context of Multi-Session Agents. The bypass operates at the application layer, in the communication protocols ABL clients use to interact with the PASOE server, and may allow privilege escalation and deeper access to the application infrastructure. In effect it opens a path around the security boundaries that are meant to prevent unauthorized code execution in enterprise applications.
The operational impact of CVE-2024-7345 is significant for organizations running the affected OpenEdge LTS platforms: the flaw gives an attacker a route to compromise application integrity and potentially reach sensitive data processing environments. Multi-Session Agents handle concurrent user requests and maintain application state, which makes them attractive targets for attackers seeking persistent access. Unauthorized code injection could lead to data breaches, service disruption, or further exploitation of the underlying infrastructure, and the bypass raises the risk from insiders as well as external attackers seeking to establish unauthorized code execution within the application environment.
Organizations should immediately apply the latest security patches provided by Progress Software, review and strengthen access controls for Multi-Session Agents, and use network segmentation to limit the exposure of vulnerable systems. Security monitoring should be extended to detect unusual code injection patterns and unauthorized access attempts against PASOE components. The vulnerability aligns with CWE-284 (Improper Access Control) and may be categorized under ATT&CK technique T1059.007 (Command and Scripting Interpreter: PowerShell) when exploited for code execution. Runtime application self-protection measures and regular security assessments can also help identify bypass vectors of this kind in other application components.
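To act on the version ranges stated above, here is an added patch-triage helper; it is not VulDB's or Progress Software's code. It classifies an OpenEdge inventory against the affected LTS ranges given on this page (11.7 up to and including 11.7.18, 12.2 up to and including 12.2.13). The sample inventory, the host names and the status labels are constructed for the example; the page states no fixed version, so a build above the stated range or on another release line is flagged for confirmation with the vendor rather than marked safe.

```python
"""Patch-triage helper for CVE-2024-7345 (Progress OpenEdge PASOE).

Added example, not VulDB's or Progress Software's code. The affected
ranges are taken from the advisory text on this page; anything the page
does not state (fixed versions, other release lines) is reported for
verification with the vendor instead of being assumed safe.
"""
from dataclasses import dataclass
import re

# Affected ranges as stated on the page:
# (branch major, branch minor) -> highest affected version on that branch.
AFFECTED_BRANCHES = {
    (11, 7): (11, 7, 18),
    (12, 2): (12, 2, 13),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR[.PATCH]' into an int tuple; a missing patch level is 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenEdge version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


@dataclass(frozen=True)
class Host:
    name: str      # inventory label (constructed sample data)
    version: str   # OpenEdge version string as reported by the installation


def assess(version: str) -> str:
    """Classify one OpenEdge version against the ranges stated on this page."""
    v = parse_version(version)
    branch = v[:2]
    if branch in AFFECTED_BRANCHES:
        if v <= AFFECTED_BRANCHES[branch]:
            return "affected"
        # Newer than the stated range; the page gives no fix level, so confirm it.
        return "above-stated-range"
    # Release line not covered by this advisory text.
    return "verify-with-vendor"


def triage(hosts: list[Host]) -> dict[str, list[str]]:
    """Group inventory host names by assessment so the patch list can be acted on."""
    groups: dict[str, list[str]] = {}
    for h in hosts:
        groups.setdefault(assess(h.version), []).append(h.name)
    return groups


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    Host("erp-pasoe-01", "12.2.13"),
    Host("erp-pasoe-02", "12.2.11"),
    Host("legacy-app-01", "11.7.18"),
    Host("legacy-app-02", "11.7.19"),
    Host("dev-sandbox", "12.8.3"),
]

if __name__ == "__main__":
    for status, names in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(names)}")
```

Run it against an export of your own installation inventory; every host in the "affected" group needs the vendor patch, and the other two groups need a check of the vendor's published fix levels before being closed out.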