Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ECS Connections Manager

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2026-4048
Assigner-Progress Software Corporation
ShareView Details
Assigner-Progress Software Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.23%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 13:36
Updated-22 Apr, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process.

Action-Not Available
Vendor-Progress Software Corporation
Product-Object Scale Connection ManagerLoadMasterECS Connections ManagerMOVEit WAF
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-3519
Assigner-Progress Software Corporation
ShareView Details
Assigner-Progress Software Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.23%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 13:32
Updated-22 Apr, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command

Action-Not Available
Vendor-Progress Software Corporation
Product-Object Scale Connection ManagerLoadMasterECS Connections ManagerMOVEit WAF
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-3518
Assigner-Progress Software Corporation
ShareView Details
Assigner-Progress Software Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.23%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 13:29
Updated-22 Apr, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command

Action-Not Available
Vendor-Progress Software Corporation
Product-Object Scale Connection ManagerLoadMasterECS Connections ManagerMOVEit WAF
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-3517
Assigner-Progress Software Corporation
ShareView Details
Assigner-Progress Software Corporation
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.23%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 13:22
Updated-22 Apr, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command

Action-Not Available
Vendor-Progress Software Corporation
Product-Object Scale Connection ManagerLoadMasterECS Connections ManagerMOVEit WAF
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')