CVE-2023-34203

Summary

CVE-2023-34203 is a newly disclosed vulnerability affecting OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before version 12.7. A remote user with any OEM or OEE role can exploit this URL injection flaw to alter their identity or role membership, potentially escalating privileges to an administrative level. This vulnerability can impact OpenEdge LTS before 11.7.16, as well as 12.x before 12.2.12 and 12.3.x through 12.6.x before 12.7. Successful exploitation could lead to significant security implications, underscoring the importance of prompt patching for affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.