Detections
Analytics
Progress ShareFile < 5.12.4 Authentication Bypass
critical Web App Scanning Plugin ID 115210
Synopsis
Progress ShareFile < 5.12.4 Authentication BypassDescription
Progress ShareFile versions prior to 5.12.4 are vulnerable to an authentication bypass vulnerability that could allow an unauthenticated attacker to execute arbitrary code on the affected system.Solution
Upgrade to Progress ShareFile version 5.12.4 or later.See Also
Plugin Details
Severity: Critical
ID: 115210
Type: Check Based
Family: Component Vulnerability
Published: 4/3/2026
Updated: 4/3/2026
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: Tenable
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score Source: Tenable
Vulnerability Information
CPE: cpe:2.3:a:progress:sharefile:*:*:*:*:*:*:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/10/2026
Vulnerability Publication Date: 4/2/2026
Reference Information
CVE: CVE-2026-2699, CVE-2026-2701
CWE: 287
OWASP: 2010-A3, 2013-A2, 2013-A9, 2017-A2, 2017-A9, 2021-A6, 2021-A7, 2025-A6, 2025-A7
WASC: Insufficient Authentication
CAPEC: 114, 115, 151, 194, 22, 57, 593, 633, 650, 94
DISA STIG: APSC-DV-000460, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2), 164.312(a)(1), 164.312(a)(2)(i)
ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.14.2.5, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5
NIST: sp800_53-AC-3, sp800_53-CM-6b
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-14.2.1
PCI-DSS: 3.2-6.2, 3.2-6.5.10