从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 漏洞描述: - 标题:Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation - 描述:OpenEdge LTS Releases up to version 11.7.19 and version 12.2.14, including all the earlier minor Update levels of the LTS releases, may allow client connections using default TLS certificates to bypass TLS host name validation. 2. 受影响的版本: - 受影响的版本:OpenEdge Release 11.7.19 and earlier, OpenEdge Release 12.2.14 and earlier - 修复版本:OpenEdge LTS Update 11.7.20 or later, OpenEdge LTS Update 12.2.15 or later 3. 解决方案: - 建议:OpenEdge clients must explicitly be configured to bypass host name validation using the "nohostverify" startup switch available for most OpenEdge clients. - 注意:Not all OpenEdge clients support a "nohostverify" startup switch such as the Web Client. 4. 临时缓解措施: - 建议:Only using valid TLS certificates signed by a valid certificate authority for production OpenEdge systems and networked applications. 5. 联系信息: - 联系方式:If you have any questions, concerns or problems related to this issue, please log in to open a new Technical Support case in our customer community for assistance. 6. 免责声明: - 免责声明:The origins of the information on this site may be internal or external to Progress Software Corporation ("Progress"). Progress Software Corporation makes all reasonable efforts to ensure the accuracy of the information provided on this site is not supported under any warranty or service. The sample code is provided "AS IS" basis. Progress makes no warranties, expressed or implied, and disclaims all implied warranties of merchantability, fitness for a particular purpose, and non-infringement. The entire risk as to the use or performance of the sample code is assumed by the user. In no event shall Progress, its employees, or agents be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages. 这些信息可以帮助用户了解OpenEdge LTS版本11.7.19和12.2.14及其之前的更新可能存在的安全漏洞,并提供相应的解决方案和临时缓解措施。