CVE Catalog

CVE-2026-42063

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

20th percentile - higher than 20% of all known CVEs

Summary

A vulnerability exists in iControl SOAP that allows an authenticated attacker with the Resource Administrator or Administrator role to download sensitive files.

Risk Assessment

An attacker could gain access to confidential information, potentially leading to serious security breaches within the organization.

Recommendation

It is recommended to restrict access to the Resource Administrator and Administrator roles and to update the software to versions that have not reached End of Technical Support.

Original NVD description (English source)

A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS