CVE-2024-2448

high-risk
Published 2024-03-22

An OS command injection vulnerability has been identified in LoadMaster.  An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.

Do I need to act?

!
44.8% chance of exploitation in next 30 days
EPSS score — higher than 55% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.4/10 High
ADJACENT_NETWORK / LOW complexity

Affected Products (4)

Loadmaster
Loadmaster
Loadmaster
Loadmaster

Affected Vendors

Progress

References (4)

Broken Link https://progress.com/loadmaster
Release Notes https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster...
Broken Link https://progress.com/loadmaster
Release Notes https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster...
53
/ 100
high-risk
Severity 26/34 · High
Exploitability 17/34 · Moderate
Exposure 10/34 · Low