Progress ShareFile Storage Zones Controller Authentication Bypass Vulnerability Allowing Remote Code Execution

Vulnerability

An authentication bypass vulnerability has been identified in Progress ShareFile Storage Zones Controller (SZC) versions prior to 5.12.4. This vulnerability allows an unauthenticated attacker to access restricted configuration pages, potentially leading to unauthorized changes in system configuration and remote code execution. The issue arises from improper access controls that fail to authenticate users before granting access to sensitive administrative features.

Impact

Exploitation of this vulnerability could lead to unauthorized access to configuration settings, allowing attackers to modify system parameters and execute arbitrary code on the server.

Reproduction

The vulnerability can be reproduced by sending a GET request to the '/ConfigService/Admin.aspx' endpoint. Successful exploitation bypasses authentication and returns a response indicating access to the restricted configuration page.
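To check existing web server logs for the request described above, the following added example (not part of the original advisory or of any Progress tooling) scans IIS W3C extended logs for hits on '/ConfigService/Admin.aspx' that were served without a logged username. It assumes the controller is fronted by IIS with the cs-username, cs-uri-stem and sc-status fields enabled, and that a 2xx status means the page was served; the log lines are constructed sample data.

```python
# Path from the advisory; IIS matches paths case-insensitively.
ADMIN_PATH = "/configservice/admin.aspx"

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2026-04-01 10:02:11 198.51.100.7 - GET /ConfigService/Admin.aspx - 200
2026-04-01 10:02:15 198.51.100.7 - GET /configservice/ADMIN.ASPX x=1 200
2026-04-01 10:03:40 203.0.113.9 - GET /ConfigService/Admin.aspx - 302
2026-04-01 10:05:02 192.0.2.20 CORP\\ops GET /ConfigService/Admin.aspx - 200
2026-04-01 10:06:30 198.51.100.7 - GET /ConfigService/Login.aspx - 200
"""


def parse_w3c(lines):
    """Yield one dict per request, following the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def find_anonymous_admin_hits(lines):
    """Return (date, time, client IP, status) for served, username-less hits."""
    hits = []
    for rec in parse_w3c(lines):
        path = rec.get("cs-uri-stem", "").lower().rstrip("/")
        # Assumption: "-" in cs-username means IIS saw no authenticated user.
        anonymous = rec.get("cs-username", "-") == "-"
        # Assumption: any 2xx status means the configuration page was returned.
        served = rec.get("sc-status", "").startswith("2")
        if path == ADMIN_PATH and anonymous and served:
            hits.append((rec.get("date"), rec.get("time"),
                         rec.get("c-ip"), rec["sc-status"]))
    return hits


if __name__ == "__main__":
    for hit in find_anonymous_admin_hits(SAMPLE_LOG.splitlines()):
        print("anonymous access to admin page:", *hit)
```

If the application performs its own login rather than relying on IIS authentication, cs-username is "-" for every request, so each hit should be reviewed against known administrator source addresses.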

Remediation

Users are advised to upgrade to ShareFile Storage Zones Controller version 5.12.4 or any version 6.x, as these versions are not affected by the vulnerability.

Added: Apr 2, 2026, 2:36 PM
Updated: Apr 2, 2026, 2:36 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 5.0
exploitability: 9.1
remediation: 7.7
relevance: 5.1
threat: 7.2
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.