Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown

Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
Progress Software confirmed that a high-severity zero-day path traversal vulnerability forced the emergency shutdown of ShareFile Storage Zone Controllers and has now released patches. The company says there is no indication of customer account compromise or active threat, and urges users to install the updates immediately. #ProgressSoftware #ShareFile #StorageZoneController

Keypoints

  • Progress shut down ShareFile Storage Zone Controllers after a credible external security threat warning.
  • The issue was identified as a high-severity path traversal flaw affecting ShareFile Storage Zone Controller 5.x and 6.x versions.
  • An authenticated administrative user could read files, write attacker-controlled content, or enumerate the server filesystem.
  • Progress released versions 5.12.5 and 6.0.2 to fix the vulnerability.
  • The company says there is no evidence of unauthorized access to customer accounts or data.

Read More: https://www.bleepingcomputer.com/news/security/progress-confirms-sharefile-zero-day-flaw-behind-storage-zone-shutdown/