GCVE - cpe:2.3:a:progress:ecs_connection_manager:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:progress:ecs_connection_manager:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Progress (`f9d80521-f73f-5a85-8df9-9306f2f67809`)
Product	Ecs Connection Manager (`628a13e4-fbc8-52a8-b3e7-242abff48ebf`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-4048`	vulnerable	2026-06-03 15:26:24.255597	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process. Published: 2026-04-20T13:36:49.475Z Updated: 2026-04-22T03:55:54.495Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3519`	vulnerable	2026-06-03 15:23:32.855403	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command Published: 2026-04-20T13:32:50.259Z Updated: 2026-04-22T03:55:53.355Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3518`	vulnerable	2026-06-03 15:23:32.854499	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command Published: 2026-04-20T13:29:33.794Z Updated: 2026-04-22T03:55:52.242Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3517`	vulnerable	2026-06-03 15:23:32.851857	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command Published: 2026-04-20T13:22:54.867Z Updated: 2026-04-22T03:55:51.123Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Security-Vulnerabilites-CVE-2026-3517-CVE-2026-3518-CVE-2026-3519-CVE-2026-4048-CVE-2026-21876	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13447`	vulnerable	2026-06-03 14:58:46.090778	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters Published: 2026-01-13T14:31:56.911Z Updated: 2026-02-26T15:04:45.811Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13444`	vulnerable	2026-06-03 14:58:46.081760	OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster HIGH (8.4) OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters Published: 2026-01-13T14:26:50.661Z Updated: 2026-02-26T15:04:46.116Z Open on db.gcve.eu Reference links https://community.progress.com/s/article/LoadMaster-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/ECS-Connection-Manager-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/Connection-Manager-for-ObjectScale-Vulnerabilities-CVE-2025-13444-CVE-2025-13447 https://community.progress.com/s/article/MOVEit-WAF-Vulnerabilities-CVE-2025-13444-CVE-2025-13447	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.