Zero Day Monitor (ZDM)
CVE-2026-7198 · PATCHED · CVSS 9.8
progress · sitefinity

CWE-284: Improper Access Control in web services in Progress Sitefinity

Description

CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations.

Affected Products

Vendor | Product | Versions
progress | sitefinity | 15.4.8623

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
progress | sitefinity | cert_advisory | 90%

References

  • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026 (vendor-advisory)

Related News (3 articles)

Tier B · CCCS Canada · 26d ago
Progress security advisory (AV26-552)
→ No new info (linked only)

Tier B · BSI Advisories · 28d ago
[NEW] [high] Progress Software Sitefinity: Multiple vulnerabilities
→ No new info (linked only)

Tier C · VulDB · 29d ago
CVE-2026-7198 | Progress Sitefinity up to 15.4.8629 Web Services access control
→ No new info (linked only)

CVSS 3.1: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 15.4.8630
CWE: CWE-284
Published: Jun 2, 2026
Last enriched: 29d ago (v2)
Trending Score: 4
Source articles: 3
Independent: 3
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-8037 · EXP · KEV
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
Trending: 127

CRITICAL · CVE-2026-7312
CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity
Trending: 3

HIGH · CVE-2026-7313
CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity
Trending: 3

HIGH · CVE-2026-7201
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity
Trending: 3

HIGH · CVE-2026-7195 · EXP
CWE-20: Improper Input Validation in web services in Progress Sitefinity
Trending: 2

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published · Jun 2, 2026
Discovered by ZDM · Jun 2, 2026
Updated: affectedVersions · Jun 2, 2026
Patch Available · Jun 3, 2026

Version History

Current version: v2 · Last enriched 29d ago

v2 · Tier C · 29d ago
Updated affected versions to include 15.4.8629 and corrected exploit availability status to false.
affectedVersions · via VulDB

v1 · 29d ago
Initial creation