CVE-2019-7215

Name of the Vulnerable Software and Affected Versions Progress Sitefinity version 10.1.6536

Description The issue allows session cookies to remain valid on the server side after a user logs out, as the system attempts to overwrite the cookie in the browser instead of invalidating it. This enables the cookie to be reused, maintaining access to the account even if the account credentials and permissions are changed.

Recommendations For Progress Sitefinity version 10.1.6536, consider implementing a proper session cookie invalidation mechanism upon user logout to prevent unauthorized access. As a temporary workaround, restrict access to sensitive account features until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.