CVEブラウザに戻る

CVE-2015-9245

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0400%

EPSS Percentile16.89th

Published2017年10月31日

Last Modified2026年5月13日

Vulnerability Description

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.

Affected Platforms (CPE)

📦

Progress

Openedge

= 10.2a

📦

Progress

Openedge

= 10.2b

📦

Progress

Openedge

= 10.2b07

📦

Progress

Openedge

= 10.2b08

📦

Progress

Openedge

= 11.0

📦

Progress

Openedge

= 11.1

📦

Progress

Openedge

= 11.2

📦

Progress

Openedge

= 11.3

📦

Progress

Openedge

= 11.4

📦

Progress

Openedge

= 11.5

References & Advisories

🔗 https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer

🔗 https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer

関連する脆弱性情報

CVE-2007-241710.0

Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authenticatio...

CVE-2007-25067.8

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause...

CVE-2007-34917.5

Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to hav...

CVE-2014-85555.0

Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to rea...