In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send specially crafted requests that could result in unauthorized access to application data and its modification.
History

Thu, 02 Jul 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Progress Software
Progress Software flowmon Ads
Vendors & Products Progress Software
Progress Software flowmon Ads

Thu, 02 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Description In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send specially crafted requests that could result in unauthorized access to application data and its modification.
Title Possibility of unintended database operations when querying data related to detected anomalies in Progress Flowmon ADS
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ProgressSoftware

Published:

Updated: 2026-07-02T14:36:40.904Z

Reserved: 2026-05-22T10:44:21.456Z

Link: CVE-2026-9272

cve-icon Vulnrichment

Updated: 2026-07-02T14:36:31.308Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-02T16:00:11Z