CVE-2023-40052: 
Progress OpenEdge vulnerability analysis and mitigation

A vulnerability (CVE-2023-40052) was discovered in Progress Application Server (PAS) for OpenEdge affecting versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. The vulnerability was disclosed on January 18, 2024, and involves a denial-of-service condition that can be triggered through malformed web requests (NVD).

The vulnerability is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). It has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD).

When exploited, the vulnerability can cause the crash of a PASOE agent, potentially disrupting thread activities of multiple web application clients. Multiple denial-of-service attacks could lead to the flooding of invalid requests, severely impacting the server's ability to process legitimate requests (NVD).

Users are advised to upgrade to the following fixed versions: version 11.7.18 or later for the 11.7 series, version 12.2.13 or later for the 12.2 series, or version 12.8.0 or later for innovation releases (NVD).