Progress OpenEdge 11.7.20 Resolved issues
  • 03 Sep 2024

Progress OpenEdge 11.7.20 contains fixes for several issues, including resolutions to security vulnerabilities as well as general fixes.

Issues fixed in OpenEdge 11.7.20 (progress.com) 

Known issues in OpenEdge 11.7.20 (progress.com) 

Security Issue(s) and Potential Impact:
The Progress OpenEdge team has addressed several security vulnerabilities in the following OpenEdge products. Please refer to the following information for specific details and remediation steps. 

Resolution:
If you are running OpenEdge 11.7.0 through 11.7.19, an update with important security fixes is available in OpenEdge 11.7.20. For more details, please refer to the Knowledge Base articles listed below.

If you are running an OpenEdge version that is retired as described in the OpenEdge Life Cycle, it is necessary to upgrade to an active OpenEdge instance, which for FIMS is OpenEdge 11.7.20. Currently, Progress OpenEdge 12.0 is not supported for use with FIMS.

OpenEdge Critical Alert: Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service

Severity: Critical

Security Concern: ActiveMQ Discovery service was reachable by default on UDP port of an OEE/OEM installation and OEM Web Interface. (CVE-2024-7654)

Products Impacted:
  · OpenEdge Explorer (OEE)
  · OpenEdge Management (OEM)
  · OpenEdge AdminServer
  · OpenEdge Authentication Gateway

Knowledge Base Article

OpenEdge Product Alert: Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation

Severity: High

Security Concern: Client connections can bypass certificate host name validation when OpenEdge default certificates are used as part of the TLS handshake for a networked OpenEdge connection. (CVE-2024-7346)

Products Impacted:
  · All components with TLS/SSL-enabled connectivity that use OpenEdge default certificates

Knowledge Base Article

OpenEdge Product Alert: Direct local client connections to MS Agents can bypass authentication

Severity: High

Security Concern: A local OpenEdge client can connect directly to an MS Agent and perform requests that bypass required PASOE security checks. (CVE-2024-7345)

Products Impacted:
  · All ABL and SQL client connections to the PASOE web server, including .NET and Java Open Clients

Knowledge Base Article

OpenEdge Critical Alert: OpenEdge Third-Party Vulnerabilities Fixed In OpenEdge LTS Update 11.7.20

Severity: Critical and High

Security Concern: Multiple vulnerabilities in third-party libraries.

Products Impacted:
  · Multiple OpenEdge Components Affected

Knowledge Base Article