CVE-2023-34203 Information

Description

In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7 a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership e.g. escalate to admin. This affects OpenEdge LTS before 11.7.16 12.x before 12.2.12 and 12.3.x through 12.6.x before 12.7.

Reference

https://www.progress.com/openedge