Zero Day Monitor (ZDM)
CVSS 8.7
CVE-2026-7313 · PATCHED
progress · sitefinity

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity

Description

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity versions from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used to connect to the Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight, non-default site configuration and valid back-end authorization.

Affected Products

Vendor | Product | Versions
progress | sitefinity | 8.0.5700

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor | Product | Source | Confidence
progress | sitefinity | cert_advisory | 90%

References

  • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026 (vendor-advisory)

Related News (3 articles)

Tier B · CCCS Canada · 26d ago
Progress security advisory (AV26-552)
→ No new info (linked only)

Tier B · BSI Advisories · 28d ago
[NEW] [high] Progress Software Sitefinity: Multiple vulnerabilities
→ No new info (linked only)

Tier C · VulDB · 29d ago
CVE-2026-7313 | Progress Sitefinity up to 13.3.7651 Web Services insufficiently protected credentials
→ No new info (linked only)

CVSS 3.1: 8.7 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 13.3.7652
Published: Jun 2, 2026
Last enriched: 29d ago (v2)
Tags: CVE-2026-7313
Trending Score: 3
Source articles: 3
Independent: 3
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-8037 · EXP · KEV
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
Trending: 126

CRITICAL · CVE-2026-7198
CWE-284: Improper Access Control in web services in Progress Sitefinity
Trending: 4

CRITICAL · CVE-2026-7312
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity
Trending: 3

HIGH · CVE-2026-7201
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity
Trending: 3

HIGH · CVE-2026-7195 · EXP
CWE-20: Improper Input Validation in web services in Progress Sitefinity
Trending: 2

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 2, 2026
Discovered by ZDM: Jun 2, 2026
Updated: affectedVersions, cweIds, tags: Jun 2, 2026
Patch Available: Jun 3, 2026

Version History

v2 · Last enriched 29d ago

v2 · Tier C · 29d ago

Updated affected versions to include 13.3.7651, added CWE-522, and noted no exploit is available.

affectedVersions, cweIds, tags
via VulDB

v1 · 29d ago

Initial creation