PT-2018-6027 · Progress · Sitefinity
Published
2018-01-08
·
Updated
2018-02-01
·
CVE-2017-15883
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Sitefinity versions 5.1 through 10.x
Description:
The issue allows remote attackers to bypass authentication, which can lead to a denial of service on load balanced sites or privilege escalation. This is due to vectors related to weak cryptography.
Recommendations:
For versions 5.1 through 10.x, update to a version that addresses the weak cryptography issue to prevent authentication bypass and potential denial of service or privilege escalation.
Fix
DoS
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sitefinity