CVE-2024-2449 Information

Description

A cross-site request forgery vulnerability has been identified in LoadMaster.  It is possible for a malicious actor who has prior knowledge of the IP or hostname of a specific LoadMaster to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.

Reference

https://progress.com/loadmaster https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449