CVE-2022-29849: An SUID binary in OpenEdge 11.7.14 and 12.x before 12.2.9 could be compromised.

This issue was resolved in version 12.2.10 and later through the introduction of a new SUID binary. If you do not wish to upgrade, you can install the bin/nf_constraint_max_count.pl SUID program at the system level, which will prevent attackers from escalating privileges. To mitigate this risk, you can also upgrade to OpenEdge version 11.7.14 or later. End users should be especially cautious of attachments or links in emails they receive, since many users click those links without first verifying the authenticity of the email.

How to Update OpenEdge


To update OpenEdge, visit: http://support.opengee.com/index.php?option=com_content&view=article&id=890
If you have any questions or would like assistance with updating to the latest versions of OpenEdge software, please contact our Support team at [email protected]

Timeline

Published on: 05/02/2022 00:15:00 UTC
Last modified on: 05/10/2022 15:47:00 UTC
