Progress Software program Points Patch for Vulnerability in LoadMaster and MT Hypervisor
[ad_1]
Progress Software program has launched safety updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that might end result within the execution of arbitrary working system instructions.
Tracked as CVE-2024-7591 (CVSS rating: 10.0), the vulnerability has been described as an improper enter validation bug that leads to OS command injection.
“It’s attainable for unauthenticated, distant attackers who’ve entry to the administration interface of LoadMaster to subject a fastidiously crafted http request that can enable arbitrary system instructions to be executed,” the corporate said in an advisory final week.
“This vulnerability has been closed by sanitizing request person enter to mitigate arbitrary system instructions execution.”
The flaw impacts the next variations –
- LoadMaster (7.2.60.0 and all prior variations)
- Multi-Tenant Hypervisor (7.1.35.11 and all prior variations)
Safety researcher Florian Grunow has been credited with discovering and reporting the flaw. Progress mentioned it has discovered no proof of the vulnerability being exploited within the wild.
That mentioned, it is advisable that customers apply the newest fixes as quickly as attainable by downloading an add-on package deal. The replace will be put in by navigating to System Configuration > System Administration > Replace Software program.
“We’re encouraging all prospects to improve their LoadMaster implementations as quickly as attainable to harden their surroundings,” the corporate mentioned. “We additionally strongly advocate that prospects comply with our security hardening guidelines.”
[ad_2]
Source link