PT-2025-52324 · Kentico · Kentico Xperience

Published: 2025-12-18 · Updated: 2025-12-24 · CVE-2024-58317

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Kentico Xperience (affected versions not specified)

Description

A configuration issue in Kentico Xperience related to cookie security allows attackers to bypass SSL requirements when setting administration cookies through the web.config file. This occurs due to the incorrect handling of the 'requireSSL' attribute, which can compromise session security and authentication state. The issue impacts .NET Framework projects.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2024-58317

Affected Products

Kentico Xperience