Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.
| Vendor | Product | Versions |
|---|---|---|
| Progress | ShareFile Storage Zones Controller | 0, 5.12.4, 5.12.3 |
Updated affected versions to include 5.12.3 and clarified that there is no available exploit.
Added new affected version 5.12.4, marked exploit as available, noted active exploitation, updated patch information, added CWE-287, and included MITRE ATT&CK technique T1078.
Updated affected versions to include 5.x, marked exploit as available, and noted active exploitation potential.
Initial creation
