CVE-2026-2699
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Progress | ShareFile Storage Zones Controller | 0 <= 5.12.3 | affected |
Weaknesses
- CWE-698: CWE-698: Execution After Redirect (EAR)
- CWE-284: CWE-284: Improper Access Control
Workarounds
Harden the Storage Zones Controller access using IIS or use a firewall to block network access to the Storage Zones Controller administration pages from untrusted sources.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.