Progress Software has addressed a number of high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or obtain any file from the system.
Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical applications and websites.
The identified vulnerabilities are listed below –
- CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, and CVE-2024-56135 (CVSS scores: 8.4) – A set of improper input validation vulnerabilities that allows remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate to execute arbitrary system commands via a carefully crafted HTTP request
- CVE-2024-56134 (CVSS score: 8.4) – An improper input validation vulnerability that allows remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate to obtain the content of any file on the system via a carefully crafted HTTP request

The following versions of the software are affected by the flaws –
- LoadMaster versions from 7.2.55.0 to 7.2.60.1 (inclusive) – Fixed in 7.2.61.0 (GA)
- LoadMaster versions from 7.2.49.0 to 7.2.54.12 (inclusive) – Fixed in 7.2.54.13 (LTSF)
- LoadMaster version 7.2.48.12 and prior – Upgrade to LTSF or GA
- Multi-Tenant LoadMaster version 7.1.35.12 and prior – Fixed in 7.1.35.13 (GA)

Progress Software noted that it has no evidence that any of the aforementioned vulnerabilities have been exploited in the wild. That said, with previously disclosed flaws weaponized by threat actors in the past, it is essential that customers apply the latest patches for optimal protection.
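
For patch triage, the affected-version list above can be checked against an inventory. The following is an added example, not code from Progress or from the original article: the host names and inventory are constructed, and treating builds at or after a fixed release as fixed is an assumption.

```python
# Added example: triage LoadMaster builds against the ranges in this article.

def parse(version):
    """'7.2.54.12' -> (7, 2, 54, 12), so builds compare numerically."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four dotted fields, got {version!r}")
    return parts

# (lowest, highest, remediation); both bounds inclusive, from the article's list.
AFFECTED = {
    "loadmaster": [
        ((7, 2, 55, 0), (7, 2, 60, 1), "7.2.61.0 (GA)"),
        ((7, 2, 49, 0), (7, 2, 54, 12), "7.2.54.13 (LTSF)"),
        ((0, 0, 0, 0), (7, 2, 48, 12), "LTSF or GA"),
    ],
    "multi-tenant": [((0, 0, 0, 0), (7, 1, 35, 12), "7.1.35.13 (GA)")],
}
# (first fixed build, branch_only). Assumption: later builds keep the fix;
# the LTSF fix is only assumed for later 7.2.54.x builds.
FIXED = {
    "loadmaster": [((7, 2, 54, 13), True), ((7, 2, 61, 0), False)],
    "multi-tenant": [((7, 1, 35, 13), False)],
}

def triage(product, version):
    """Return (status, remediation): 'affected', 'fixed' or 'unlisted'."""
    v = parse(version)
    for low, high, fix in AFFECTED[product]:
        if low <= v <= high:
            return ("affected", fix)
    for first_fixed, branch_only in FIXED[product]:
        if v >= first_fixed and (not branch_only or v[:3] == first_fixed[:3]):
            return ("fixed", None)
    # Builds the article does not mention are reported, not guessed at.
    return ("unlisted", None)

# Constructed inventory: (host, product, version). Host names are made up.
INVENTORY = [
    ("lm-edge-01", "loadmaster", "7.2.60.1"),
    ("lm-edge-02", "loadmaster", "7.2.54.13"),
    ("lm-core-01", "loadmaster", "7.2.48.13"),
    ("lm-mt-01", "multi-tenant", "7.1.35.12"),
]

def report(inventory):
    return {host: triage(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, (status, fix) in report(INVENTORY).items():
        print(f"{host}: {status}" + (f", move to {fix}" if fix else ""))
```

A build reported as "unlisted" falls outside every range the article names and should be checked against the vendor's own advisory.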