CVE-2015-9245

Published: Oct 31, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.

Affected (10)

Products: Progress: Openedge

Progress

1 product

Openedge

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Progress Openedge	Version 10.2a
Progress Openedge	Version 10.2b07
Progress Openedge	Version 10.2b08
Progress Openedge	Version 10.2b
Progress Openedge	Version 11.0
Progress Openedge	Version 11.1
Progress Openedge	Version 11.2
Progress Openedge	Version 11.3
Progress Openedge	Version 11.4
Progress Openedge	Version 11.5

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServer

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.