Security Affairs
Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|
Advertisement

Ad Placeholder

Full Width × 90

Security

Progress Software fixed a maximum severity flaw in LoadMaster

Progress Software released an emergency to address a maximum severity vulnerability in its LoadMaster products. Progress Software released an emergency fix for a critical vulnerability, tracked as CVE-2024-7591, that affects its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products. The vulnerability is an improper input validation issue, that could allow an unauthenticated, remote attacker to access LoadMaster’s […]

Progress LoadMaster

Progress Software released an emergency to address a maximum severity vulnerability in its LoadMaster products.

Progress Software released an emergency fix for a critical vulnerability, tracked as CVE-2024-7591, that affects its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products.

The vulnerability is an improper input validation issue, that could allow an unauthenticated, remote attacker to access LoadMaster’s management interface using a specially crafted HTTP request.

“It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted http request that will allow arbitrary system commands to be executed.” reads the advisory. “This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands execution.”

Progress LoadMaster is a high-performance application delivery controller (ADC) and load balancer. It is designed to enhance the availability, scalability, performance, and security of business-critical applications and websites.

The vulnerability could enable an attacker to execute arbitrary commands on affected systems.

Below is the list of affected product versions:

 ProductAffected VersionsPatched VersionsRelease Date
LoadMaster7.2.60.0 and all prior versionsAdd-on Package
XML validation file
Sep 03 2024
Multi-Tenant Hypervisor7.1.35.11 and all prior versionsAdd-on Package
XML validation file
Sep 03 2024

Multi-Tenant LoadMaster (LoadMaster MT) is affected in case the following condition is met:

  • The individual instantiated LoadMaster VNFs are vulnerable and must be patched using the add-on listed above as soon as possible.
  • Note that the MT hypervisor or Manager node is also vulnerable and must be patched using the add-on listed above as soon as possible.

As reported by a user in the advisory comments, the addon package released by Progress doesn’t allow installation on the free version. 

The good news is that Progress is not aware of attacks in the wild exploiting this vulnerability.

“We have not received any reports that this vulnerability has been exploited and we are not aware of any direct impact to customers” states the advisory. “Nevertheless, we are encouraging all customers to upgrade their LoadMaster implementations as soon as possible to harden their environment. “

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Progress Software)