CVE-2019-7215
Published 2019-06-06
Priority: P4 31 | medium 6.5 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.93% (56.0th percentile)
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | sitefinity | >= 10.0 < 10.0.6429 | 10.0.6429 |
| progress | sitefinity | 10.1 – 10.1.6540 | — |
| progress | sitefinity | >= 10.2 < 10.2.6649 | 10.2.6649 |
| progress | sitefinity | >= 11.0 < 11.0.6736 | 11.0.6736 |
| progress | sitefinity | >= 11.1 < 11.1.6826 | 11.1.6826 |
| progress | sitefinity | >= 11.2 < 11.2.6929 | 11.2.6929 |
| progress | sitefinity | >= 7.0 < 7.0.5143 | 7.0.5143 |
| progress | sitefinity | >= 7.1 < 7.1.5243 | 7.1.5243 |
| progress | sitefinity | >= 7.2 < 7.2.5353 | 7.2.5353 |
| progress | sitefinity | >= 7.3 < 7.3.5693 | 7.3.5693 |
| progress | sitefinity | >= 8.0 < 8.0.5773 | 8.0.5773 |
| progress | sitefinity | >= 8.1 < 8.1.5863 | 8.1.5863 |
| progress | sitefinity | >= 8.2 < 8.2.5973 | 8.2.5973 |
| progress | sitefinity | >= 9.0 < 9.0.6063 | 9.0.6063 |
| progress | sitefinity | >= 9.1 < 9.1.6183 | 9.1.6183 |
| progress | sitefinity | >= 9.2 < 9.2.6274 | 9.2.6274 |
CVSS provenance
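| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |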
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://knowledgebase.progress.com/#sort=relevancy&f:%40objecttypelabel=%5BProduct%20Alert%5D
https://knowledgebase.progress.com/articles/Article/Security-Advisory-For-Resolving-Security-Vulnerabilities-May-2019