Vulnerability Details CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2019-17392
-
cpe:2.3:a:progress:sitefinity:10.0
-
cpe:2.3:a:progress:sitefinity:10.0.6400
-
cpe:2.3:a:progress:sitefinity:10.0.6401.0
-
cpe:2.3:a:progress:sitefinity:10.0.6411
-
cpe:2.3:a:progress:sitefinity:10.0.6412
-
cpe:2.3:a:progress:sitefinity:10.0.6412.0
-
cpe:2.3:a:progress:sitefinity:10.0.6413
-
cpe:2.3:a:progress:sitefinity:10.0.6414
-
cpe:2.3:a:progress:sitefinity:10.0.6415
-
cpe:2.3:a:progress:sitefinity:10.0.6426
-
cpe:2.3:a:progress:sitefinity:10.0.6427
-
cpe:2.3:a:progress:sitefinity:10.0.6428
-
cpe:2.3:a:progress:sitefinity:10.0.6429
-
cpe:2.3:a:progress:sitefinity:10.0.6430
-
cpe:2.3:a:progress:sitefinity:10.1
-
cpe:2.3:a:progress:sitefinity:10.1.6500
-
cpe:2.3:a:progress:sitefinity:10.1.6501
-
cpe:2.3:a:progress:sitefinity:10.1.6502
-
cpe:2.3:a:progress:sitefinity:10.1.6503
-
cpe:2.3:a:progress:sitefinity:10.1.6504
-
cpe:2.3:a:progress:sitefinity:10.1.6505
-
cpe:2.3:a:progress:sitefinity:10.1.6506
-
cpe:2.3:a:progress:sitefinity:10.1.6535
-
cpe:2.3:a:progress:sitefinity:10.1.6536
-
cpe:2.3:a:progress:sitefinity:10.1.6538
-
cpe:2.3:a:progress:sitefinity:10.1.6540
-
cpe:2.3:a:progress:sitefinity:10.1.6541
-
cpe:2.3:a:progress:sitefinity:10.2
-
cpe:2.3:a:progress:sitefinity:10.2.6600
-
cpe:2.3:a:progress:sitefinity:10.2.6601
-
cpe:2.3:a:progress:sitefinity:10.2.6602
-
cpe:2.3:a:progress:sitefinity:10.2.6603
-
cpe:2.3:a:progress:sitefinity:10.2.6604
-
cpe:2.3:a:progress:sitefinity:10.2.6636
-
cpe:2.3:a:progress:sitefinity:10.2.6641
-
cpe:2.3:a:progress:sitefinity:10.2.6647
-
cpe:2.3:a:progress:sitefinity:10.2.6649
-
cpe:2.3:a:progress:sitefinity:10.2.6650
-
cpe:2.3:a:progress:sitefinity:10.2.6651
-
cpe:2.3:a:progress:sitefinity:11.0
-
cpe:2.3:a:progress:sitefinity:11.0.6700
-
cpe:2.3:a:progress:sitefinity:11.0.6701
-
cpe:2.3:a:progress:sitefinity:11.0.6702
-
cpe:2.3:a:progress:sitefinity:11.0.6728
-
cpe:2.3:a:progress:sitefinity:11.0.6729
-
cpe:2.3:a:progress:sitefinity:11.0.6730
-
cpe:2.3:a:progress:sitefinity:11.0.6732
-
cpe:2.3:a:progress:sitefinity:11.0.6733
-
cpe:2.3:a:progress:sitefinity:11.0.6736
-
cpe:2.3:a:progress:sitefinity:11.0.6738
-
cpe:2.3:a:progress:sitefinity:11.0.6739
-
cpe:2.3:a:progress:sitefinity:11.1
-
cpe:2.3:a:progress:sitefinity:11.1.6800
-
cpe:2.3:a:progress:sitefinity:11.1.6821
-
cpe:2.3:a:progress:sitefinity:11.1.6822
-
cpe:2.3:a:progress:sitefinity:11.1.6823
-
cpe:2.3:a:progress:sitefinity:11.1.6824
-
cpe:2.3:a:progress:sitefinity:11.1.6825
-
cpe:2.3:a:progress:sitefinity:11.1.6826
-
cpe:2.3:a:progress:sitefinity:11.1.6827
-
cpe:2.3:a:progress:sitefinity:11.1.6828
-
cpe:2.3:a:progress:sitefinity:11.2
-
cpe:2.3:a:progress:sitefinity:11.2.6900
-
cpe:2.3:a:progress:sitefinity:11.2.6921
-
cpe:2.3:a:progress:sitefinity:11.2.6922
-
cpe:2.3:a:progress:sitefinity:11.2.6923
-
cpe:2.3:a:progress:sitefinity:11.2.6924
-
cpe:2.3:a:progress:sitefinity:11.2.6925
-
cpe:2.3:a:progress:sitefinity:11.2.6926
-
cpe:2.3:a:progress:sitefinity:11.2.6927
-
cpe:2.3:a:progress:sitefinity:11.2.6928
-
cpe:2.3:a:progress:sitefinity:11.2.6929
-
cpe:2.3:a:progress:sitefinity:11.2.6932
-
cpe:2.3:a:progress:sitefinity:11.2.6934
-
cpe:2.3:a:progress:sitefinity:12.0.7000
-
cpe:2.3:a:progress:sitefinity:12.0.7021
-
cpe:2.3:a:progress:sitefinity:12.0.7022
-
cpe:2.3:a:progress:sitefinity:12.0.7023
-
cpe:2.3:a:progress:sitefinity:12.0.7024
-
cpe:2.3:a:progress:sitefinity:12.0.7025
-
cpe:2.3:a:progress:sitefinity:12.0.7026
-
cpe:2.3:a:progress:sitefinity:12.0.7027
-
cpe:2.3:a:progress:sitefinity:12.0.7028
-
cpe:2.3:a:progress:sitefinity:12.0.7029
-
cpe:2.3:a:progress:sitefinity:12.0.7030
-
cpe:2.3:a:progress:sitefinity:12.0.7032
-
cpe:2.3:a:progress:sitefinity:12.1.7100
-
cpe:2.3:a:progress:sitefinity:12.1.7121
-
cpe:2.3:a:progress:sitefinity:12.1.7122
-
cpe:2.3:a:progress:sitefinity:12.1.7123
-
cpe:2.3:a:progress:sitefinity:12.1.7124
-
cpe:2.3:a:progress:sitefinity:12.1.7125
-
cpe:2.3:a:progress:sitefinity:12.1.7126
-
cpe:2.3:a:progress:sitefinity:12.1.7128
-
cpe:2.3:a:progress:sitefinity:9.1
-
cpe:2.3:a:progress:sitefinity:9.1.6100
-
cpe:2.3:a:progress:sitefinity:9.1.6110
-
cpe:2.3:a:progress:sitefinity:9.1.6150
-
cpe:2.3:a:progress:sitefinity:9.1.6160
-
cpe:2.3:a:progress:sitefinity:9.1.6170
-
cpe:2.3:a:progress:sitefinity:9.1.6171
-
cpe:2.3:a:progress:sitefinity:9.1.6180
-
cpe:2.3:a:progress:sitefinity:9.1.6181
-
cpe:2.3:a:progress:sitefinity:9.1.6182
-
cpe:2.3:a:progress:sitefinity:9.1.6183
-
cpe:2.3:a:progress:sitefinity:9.1.6184
-
cpe:2.3:a:progress:sitefinity:9.2
-
cpe:2.3:a:progress:sitefinity:9.2.6200
-
cpe:2.3:a:progress:sitefinity:9.2.6210
-
cpe:2.3:a:progress:sitefinity:9.2.6220
-
cpe:2.3:a:progress:sitefinity:9.2.6230
-
cpe:2.3:a:progress:sitefinity:9.2.6250
-
cpe:2.3:a:progress:sitefinity:9.2.6260
-
cpe:2.3:a:progress:sitefinity:9.2.6261
-
cpe:2.3:a:progress:sitefinity:9.2.6270
-
cpe:2.3:a:progress:sitefinity:9.2.6271
-
cpe:2.3:a:progress:sitefinity:9.2.6272
-
cpe:2.3:a:progress:sitefinity:9.2.6274
-
cpe:2.3:a:progress:sitefinity:9.2.6275