Progress : Security Vulnerabilities, CVEs, Published In 2018 (Gain Privilege)
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
Max CVSS
8.8
EPSS Score
0.14%
Published
2018-02-12
Updated
2018-03-05
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.
Max CVSS
9.8
EPSS Score
0.71%
Published
2018-01-08
Updated
2018-02-01
2 vulnerabilities found