Cyber Posture

CVE-2024-56134

High

Published: 05 February 2025

Published
05 February 2025
Modified
31 July 2025
KEV Added
Patch
CVSS Score 8.4 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0006 19.9th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12 (inclusive)    7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)

Security Summary

CVE-2024-56134 is an Improper Input Validation vulnerability in Progress LoadMaster that allows authenticated users to perform OS Command Injection. The issue affects LoadMaster versions from 7.2.55.0 to 7.2.60.1 inclusive, from 7.2.49.0 to 7.2.54.12 inclusive, and 7.2.48.12 and all prior versions; Multi-Tenant Hypervisor versions 7.1.35.12 and all prior versions; and ECS all versions prior to 7.2.60.1 inclusive.

With a CVSS v3.1 base score of 8.4 (AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), the vulnerability can be exploited by a high-privileged authenticated user on an adjacent network. Exploitation requires low complexity and no user interaction, enabling the attacker to achieve high impacts on confidentiality, integrity, and availability while changing the scope of impact.

Mitigation details are provided in the Progress security advisory at https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135.

Details

CWE(s)
CWE-20NVD-CWE-noinfo

Affected Products

progress
multi-tenant loadmaster
≤ 7.1.35.13
progress
loadmaster
≤ 7.2.48.12 · 7.2.49.0 — 7.2.54.13 · 7.2.55.0 — 7.2.61.0

References