Critical Vulnerability in Progress Flowmon

Published on 26 Apr 2024

Progress has released security updates to address a critical vulnerability (CVE-2024-2389) affecting their Progress Flowmon product. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10.

Successful exploitation of the vulnerability could allow an unauthenticated remote attacker to execute arbitrary system commands through a crafted Application Programming Interface (API) command on the web interface.

The affected product versions are:

  • Flowmon v12.x
  • Flowmon v11.x

Users and administrators are advised to upgrade their products to the latest versions immediately.

More information is available here:

https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability