PT-2026-45762 · Progress · Sitefinity
Published
2026-06-02
·
Updated
2026-06-02
·
CVE-2026-7312
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Progress Sitefinity versions 14.0.7700 through 14.4.8152
Progress Sitefinity versions 15.0.8200 through 15.0.8234
Progress Sitefinity versions 15.1.8300 through 15.1.8335
Progress Sitefinity versions 15.2.8400 through 15.2.8441
Progress Sitefinity versions 15.3.8500 through 15.3.8531
Progress Sitefinity versions 15.4.8600 through 15.4.8630
Description
Insufficiently protected credentials in web services allow a remote unauthenticated attacker to obtain plain-text credentials used to connect to the Sitefinity Insight service. Successful exploitation requires a non-default site configuration and an active integration with Sitefinity Insight.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sitefinity