Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-29849

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 May, 2022 | 23:23
Updated At-03 Aug, 2024 | 06:33
Rejected At-
Credits

In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 May, 2022 | 23:23
Updated At:03 Aug, 2024 | 06:33
Rejected At:
▼CVE Numbering Authority (CNA)

In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.progress.com/openedge
x_refsource_MISC
https://community.progress.com/s/article/Remediation-of-Privilege-Escalation-Security-Vulnerability-CVE-2022-29849
x_refsource_MISC
https://community.progress.com/s/article/OpenEdge-12-2-9-Update-is-available
x_refsource_MISC
https://community.progress.com/s/article/OpenEdge-11-7-14-is-Now-Available
x_refsource_MISC
Hyperlink: https://www.progress.com/openedge
Resource:
x_refsource_MISC
Hyperlink: https://community.progress.com/s/article/Remediation-of-Privilege-Escalation-Security-Vulnerability-CVE-2022-29849
Resource:
x_refsource_MISC
Hyperlink: https://community.progress.com/s/article/OpenEdge-12-2-9-Update-is-available
Resource:
x_refsource_MISC
Hyperlink: https://community.progress.com/s/article/OpenEdge-11-7-14-is-Now-Available
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.progress.com/openedge
x_refsource_MISC
x_transferred
https://community.progress.com/s/article/Remediation-of-Privilege-Escalation-Security-Vulnerability-CVE-2022-29849
x_refsource_MISC
x_transferred
https://community.progress.com/s/article/OpenEdge-12-2-9-Update-is-available
x_refsource_MISC
x_transferred
https://community.progress.com/s/article/OpenEdge-11-7-14-is-Now-Available
x_refsource_MISC
x_transferred
Hyperlink: https://www.progress.com/openedge
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://community.progress.com/s/article/Remediation-of-Privilege-Escalation-Security-Vulnerability-CVE-2022-29849
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://community.progress.com/s/article/OpenEdge-12-2-9-Update-is-available
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://community.progress.com/s/article/OpenEdge-11-7-14-is-Now-Available
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:02 May, 2022 | 00:15
Updated At:08 Aug, 2023 | 14:22

In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Progress Software Corporation
progress
>>openedge>>Versions from 11.7(inclusive) to 11.7.14(exclusive)
cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*
Progress Software Corporation
progress
>>openedge>>Versions from 12.0.0(inclusive) to 12.2.9(exclusive)
cpe:2.3:a:progress:openedge:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://community.progress.com/s/article/OpenEdge-11-7-14-is-Now-Availablecve@mitre.org
Patch
Release Notes
Vendor Advisory
https://community.progress.com/s/article/OpenEdge-12-2-9-Update-is-availablecve@mitre.org
Patch
Vendor Advisory
https://community.progress.com/s/article/Remediation-of-Privilege-Escalation-Security-Vulnerability-CVE-2022-29849cve@mitre.org
Mitigation
Vendor Advisory
https://www.progress.com/openedgecve@mitre.org
Product
Hyperlink: https://community.progress.com/s/article/OpenEdge-11-7-14-is-Now-Available
Source: cve@mitre.org
Resource:
Patch
Release Notes
Vendor Advisory
Hyperlink: https://community.progress.com/s/article/OpenEdge-12-2-9-Update-is-available
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://community.progress.com/s/article/Remediation-of-Privilege-Escalation-Security-Vulnerability-CVE-2022-29849
Source: cve@mitre.org
Resource:
Mitigation
Vendor Advisory
Hyperlink: https://www.progress.com/openedge
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

9Records found
CVE-2004-1885
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-5.25% / 89.59%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-ws_ftp_servern/a
CVE-2004-1883
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.90% / 82.47%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-ws_ftp_servern/a
CVE-2001-1128
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.02% / 3.53%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-progressn/a
CVE-2024-0832
Matching Score-8
Assigner-Progress Software Corporation
ShareView Details
Matching Score-8
Assigner-Progress Software Corporation
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.47%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 15:14
Updated-23 Aug, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Elevation via Telerik Reporting Installer

In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

Action-Not Available
Vendor-Progress Software Corporation
Product-telerik_reportingTelerik Reportingtelerik_reporting
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-0833
Matching Score-8
Assigner-Progress Software Corporation
ShareView Details
Matching Score-8
Assigner-Progress Software Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.69%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 15:15
Updated-17 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Elevation via Telerik Test Studio

In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

Action-Not Available
Vendor-Progress Software Corporation
Product-telerik_test_studioTelerik Test Studio
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-269
Improper Privilege Management
CVE-2001-1127
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-progressn/a
CVE-2024-0219
Matching Score-8
Assigner-Progress Software Corporation
ShareView Details
Matching Score-8
Assigner-Progress Software Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 70.93%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 15:11
Updated-29 May, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Elevation via Telerik JustDecompile Installer

In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

Action-Not Available
Vendor-Progress Software Corporation
Product-telerik_justdecompileTelerik JustDecompile
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-1801
Matching Score-8
Assigner-Progress Software Corporation
ShareView Details
Matching Score-8
Assigner-Progress Software Corporation
CVSS Score-7.7||HIGH
EPSS-0.02% / 2.98%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 13:12
Updated-16 Jan, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Progress Telerik Reporting Local Deserialization Vulnerability

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.

Action-Not Available
Vendor-Progress Software Corporation
Product-telerik_reportingTelerik Reportingtelerik_reporting
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2001-1129
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.02% / 3.19%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-progressn/a
Details not found