CVE-2024-56135

Published Feb 5, 2025

Last updated 7 months ago

CVSS high 8.4

Overview

Description
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12 (inclusive)    7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)
Source
security@progress.com
NVD status
Analyzed
Products
multi-tenant_loadmaster, loadmaster

Risk scores

CVSS 3.1

Type
Primary
Base score
6.8
Impact score
5.9
Exploitability score
0.9
Vector string
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

security@progress.com
CWE-20
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. Multiple LoadMaster vulnerabilities (CVE-2024-56131 to CVE-2024-56135) allow remote command execution and file access. https://t.co/tG2xoIFZ5u

    @SRA_ThreatWatch

    12 Feb 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. **Threat Alert: Progress LoadMaster Critical Flaws** **Timeline:** - Discovery: 2024-01-14 - Patch: 2024-02-05 **Summary:** Vulnerabilities in Progress LoadMaster (CVE-2024-56131 through CVE-2024-56135) due to improper input validation allow authenticated users to inject…

    @syedaquib77

    11 Feb 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2024-56135: HIGH] Security alert: Authenticated users in Progress LoadMaster face OS Command Injection due to Improper Input Validation. Affected versions range from 7.2.48.12 to 7.2.60.1 - act now to secure...#cybersecurity,#vulnerability https://t.co/vTdc29xhWp https://t.c

    @CveFindCom

    5 Feb 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-56135 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Ve… https://t.co/SwTK98m30C

    @CVEnew

    5 Feb 2025

    293 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parametersCVE-2025-13447
  2. OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parametersCVE-2025-13444
  3. Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and aboveCVE-2025-1758
  4. Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12 (inclusive)    7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)CVE-2024-56134
  5. Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12 (inclusive)    7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive)CVE-2024-56133

References

Sources include official advisories and independent security research.