Description

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection.  This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security.  The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.

INFO

Published Date :

2024-09-03T14:51:03.551Z

Last Modified :

2024-09-03T15:06:04.578Z

Source :

ProgressSoftware
AFFECTED PRODUCTS

The following products are affected by CVE-2024-7346 vulnerability.

Vendors Products
Progress
  • Openedge
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7346.

URL Resource
https://community.progress.com/s/article/Client-connections-using-default-TLS-certificates-from-OpenEdge-may-bypass-TLS-host-name-validation cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact