This issue was resolved in version 12.2.10 and later through the introduction of a new SUID binary. If you do not wish to upgrade, you can install the bin/nf_constraint_max_count.pl SUID program at the system level. This will prevent attackers from escalating privileges. To mitigate this risk, you can also upgrade to OpenEdge version 11.7.14 or later. End users should be especially cautious of attachments or links in emails that they receive, since many users often click on those links without first verifying the authenticity of the email.
CVE-2023-29850
This issue was resolved in version 12.2.10 and later through the introduction of a new SUID binary. If you do not wish to upgrade, you can install the bin/nf_constraint_max_count.pl SUID program at the system level. This will prevent attackers from escalating privileges. To mitigate this risk, you can also upgrade to OpenEdge version 11.7.14 or later. End users should be especially cautious of attachments or links in emails that they receive, since many users often click on those links without first verifying the authenticity of the email.
CVE-2023-29851
This issue was resolved in version 12.2.10 and later through the introduction of a new SUID binary. If you do not wish to upgrade, you can install the bin/nf_constraint_max_count.pl SUID program at the system level. This will prevent attackers from escalating privileges. To mitigate this risk, you can also upgrade to OpenEdge version 11.7.14 or later. End users should be especially cautious of attachments or links in emails that they receive, since many users often click on those links without first verifying the authenticity of the email.
How to Update OpenEdge
To update OpenEdge, visit: http://support.opengee.com/index.php? option=com_content&view=article&id=890
If you have any questions or would like assistance with updating to the latest versions of OpenEdge software, please contact our Support team at [email protected]
Timeline
Published on: 05/02/2022 00:15:00 UTC
Last modified on: 05/10/2022 15:47:00 UTC
References
- https://www.progress.com/openedge
- https://community.progress.com/s/article/OpenEdge-11-7-14-is-Now-Available
- https://community.progress.com/s/article/OpenEdge-12-2-9-Update-is-available
- https://community.progress.com/s/article/Remediation-of-Privilege-Escalation-Security-Vulnerability-CVE-2022-29849
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29849