CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2019-17392

CVSS 9.8v3.1pub. 2019-11-26upd. 2024-11-21

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Progress Sitefinity

    APP
    Progress
    9.1 – 9.1.6185 (bez)9.2 – 9.2.6276 (bez)10.0 – 10.0.6431 (bez)10.1 – 10.1.6542 (bez)10.2 – 10.2.665111.0 – 11.0.673911.1 – 11.1.682811.2 – 11.2.693412.0 – 12.0.703212.1 – 12.1.7128
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2017-9248CRITICAL9.8⚠ KEVten sam produkt

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412....

CVE-2026-7198CRITICAL9.8PL ✓ten sam produkt

Obejście uwierzytelnienia w Progress Sitefinity — pełny dostęp bez logowania

CVE-2026-7312CRITICAL10.0PL ✓ten sam produkt

Progress Sitefinity: ujawnienie danych uwierzytelniających w usługach web

CVE-2023-29375CRITICAL9.8ten sam produkt

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1....

CVE-2017-15883CRITICAL9.8ten sam produkt

Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication an...