Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HProgress Sitefinity
APPProgress10.010.15.15.25.35.46.06.16.26.37.07.17.27.38.0+ 5 więcej
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth BypassDoS
CWE
Related vulnerabilities
CVE-2017-9248CRITICAL9.8⚠ KEVten sam produkt
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412....
CVE-2026-7312CRITICAL10.0PL ✓ten sam produkt
Progress Sitefinity: ujawnienie danych uwierzytelniających w usługach web
CVE-2026-7198CRITICAL9.8PL ✓ten sam produkt
Obejście uwierzytelnienia w Progress Sitefinity — pełny dostęp bez logowania
CVE-2023-29375CRITICAL9.8ten sam produkt
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1....
CVE-2019-17392CRITICAL9.8ten sam produkt
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host...