漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Unauthorized Arbitrary File Read via RMI in AdminServer Interface
Vulnerability Description
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read arbitrary files on the host system through the misuse of the setFile() and openFile() methods exposed through the RMI interface. Misuse was limited only by OS-level authority of the AdminServer's elevated privileges granted and the user's access to these methods enabled through RMI. The exploitable methods have been removed thus eliminating their access through RMI or downstream of the RMI registry.
CVSS Information
N/A
Vulnerability Type
对外部实体的文件或目录可访问
Vulnerability Title
Progress OpenEdge 安全漏洞
Vulnerability Description
Progress OpenEdge是美国Progress公司的一个企业级应用开发与数据库管理平台。 Progress OpenEdge存在安全漏洞,该漏洞源于AdminServer组件授权不当,可能导致认证用户通过RMI接口滥用setFile和openFile方法读取主机系统上的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A