HIGH🇵🇱 Wersja polska

CVE-2026-3517

CVSS 8.4v3.1pub. 2026-04-20upd. 2026-05-01

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command

CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Progress Connection Manager For Objectscale

    APP
    Progress
    < 7.2.63.1
  • Progress Ecs Connection Manager

    APP
    Progress
    < 7.2.63.1
  • Progress Loadmaster

    APP
    Progress
    < 7.2.54.17< 7.2.63.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-1212CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Progress LoadMaster – nieuwierzytelnione RCE przez command injection w interfejsie zarządzania

CVE-2026-3518HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticat...

CVE-2026-4048HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticate...

CVE-2026-3519HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticat...

CVE-2025-13444HIGH8.4ten sam produkt

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated...