CyberSec.Space Logo
Back to CVE Browser

CVE-2015-9245

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile16.89th
PublishedOct 31, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.

Affected Platforms (CPE)

πŸ“¦
Progress

Openedge

= 10.2a
πŸ“¦
Progress

Openedge

= 10.2b
πŸ“¦
Progress

Openedge

= 10.2b07
πŸ“¦
Progress

Openedge

= 10.2b08
πŸ“¦
Progress

Openedge

= 11.0
πŸ“¦
Progress

Openedge

= 11.1
πŸ“¦
Progress

Openedge

= 11.2
πŸ“¦
Progress

Openedge

= 11.3
πŸ“¦
Progress

Openedge

= 11.4
πŸ“¦
Progress

Openedge

= 11.5

References & Advisories

πŸ”— https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer
πŸ”— https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer

Related Vulnerabilities

CVE-2007-241710.0

Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authenticatio...

CVE-2007-25067.8

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause...

CVE-2007-34917.5

Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to hav...

CVE-2014-85555.0

Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to rea...