Vulnerability Details : CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed.
Products affected by CVE-2019-7215
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
- cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-7215
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 38 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-7215
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.9
|
2.5
|
NIST |
CWE ids for CVE-2019-7215
-
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-7215
-
https://knowledgebase.progress.com/articles/Article/Security-Advisory-For-Resolving-Security-Vulnerabilities-May-2019
Article: Security Advisory For Resolving Security Vulnerabilities, May 2019Release Notes;Vendor Advisory
-
https://knowledgebase.progress.com/#sort=relevancy&f:@objecttypelabel=[Product%20Alert]
Progress KB - HomeVendor Advisory
Jump to