Critical severity9.8NVD Advisory· Published Oct 31, 2017· Updated May 13, 2026

CVE-2015-9245

Description

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.

Affected products

Progress (organisation)/Openedge10 versions
cpe:2.3:a:progress:openedge:10.2a:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:progress:openedge:10.2a:*:*:*:*:*:*:*
- cpe:2.3:a:progress:openedge:10.2b:*:*:*:*:*:*:*
- cpe:2.3:a:progress:openedge:10.2b07:*:*:*:*:*:*:*
- cpe:2.3:a:progress:openedge:10.2b08:*:*:*:*:*:*:*
- cpe:2.3:a:progress:openedge:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:progress:openedge:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:progress:openedge:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:progress:openedge:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:progress:openedge:11.4:*:*:*:*:*:*:*
- cpe:2.3:a:progress:openedge:11.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

knowledgebase.progress.com/articles/Article/How-to-prevent-Java-RMI-class-loader-exploit-with-AdminServernvdIssue TrackingVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000