CVE-2017-15883

CRITICAL

Progress Sitefinity 5.1-10.x - Authentication Bypass via Weak Cryptography

Title source: llm
STIX 2.1

Description

Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0010
EPSS Percentile 28.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (20)
progress/sitefinity 5.1
progress/sitefinity 5.2
progress/sitefinity 5.3
progress/sitefinity 5.4
progress/sitefinity 6.0
progress/sitefinity 6.1
progress/sitefinity 6.2
progress/sitefinity 6.3
progress/sitefinity 7.0
progress/sitefinity 7.1
... and 10 more
Published Jan 08, 2018
Tracked Since Feb 18, 2026