HIGH🇬🇧 English

CVE-2026-3517

CVSS 8.4v3.1pub. 2026-04-20upd. 2026-05-01

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Progress Connection Manager For Objectscale

    APP
    Progress
    < 7.2.63.1
  • Progress Ecs Connection Manager

    APP
    Progress
    < 7.2.63.1
  • Progress Loadmaster

    APP
    Progress
    < 7.2.54.17< 7.2.63.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2024-1212CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Progress LoadMaster – nieuwierzytelnione RCE przez command injection w interfejsie zarządzania

CVE-2026-3518HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticat...

CVE-2026-4048HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticate...

CVE-2026-3519HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticat...

CVE-2025-13444HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated...