9.8
CVE-2026-7198
- EPSS 0.44%
- Veröffentlicht 02.06.2026 13:06:32
- Zuletzt bearbeitet 04.06.2026 12:43:06
- Quelle security@progress.com
- CVE-Watchlists
- Unerledigt
CWE-284: Improper Access Control in web services in Progress Sitefinity
CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Progress ≫ Sitefinity Version >= 15.4.8623 < 15.4.8630
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.353 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@progress.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026