Vulnerability Details CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies on logout. Instead, it tries to overwrite the cookie in the browser, but the cookie remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.4
Products affected by CVE-2019-7215
- cpe:2.3:a:progress:sitefinity:10.0
- cpe:2.3:a:progress:sitefinity:10.0.6400
- cpe:2.3:a:progress:sitefinity:10.0.6401.0
- cpe:2.3:a:progress:sitefinity:10.0.6411
- cpe:2.3:a:progress:sitefinity:10.0.6412
- cpe:2.3:a:progress:sitefinity:10.0.6412.0
- cpe:2.3:a:progress:sitefinity:10.0.6413
- cpe:2.3:a:progress:sitefinity:10.0.6414
- cpe:2.3:a:progress:sitefinity:10.0.6415
- cpe:2.3:a:progress:sitefinity:10.0.6426
- cpe:2.3:a:progress:sitefinity:10.0.6427
- cpe:2.3:a:progress:sitefinity:10.0.6428
- cpe:2.3:a:progress:sitefinity:10.1
- cpe:2.3:a:progress:sitefinity:10.1.6500
- cpe:2.3:a:progress:sitefinity:10.1.6501
- cpe:2.3:a:progress:sitefinity:10.1.6502
- cpe:2.3:a:progress:sitefinity:10.1.6503
- cpe:2.3:a:progress:sitefinity:10.1.6504
- cpe:2.3:a:progress:sitefinity:10.1.6505
- cpe:2.3:a:progress:sitefinity:10.1.6506
- cpe:2.3:a:progress:sitefinity:10.1.6535
- cpe:2.3:a:progress:sitefinity:10.1.6536
- cpe:2.3:a:progress:sitefinity:10.1.6538
- cpe:2.3:a:progress:sitefinity:10.1.6540
- cpe:2.3:a:progress:sitefinity:10.2
- cpe:2.3:a:progress:sitefinity:10.2.6600
- cpe:2.3:a:progress:sitefinity:10.2.6601
- cpe:2.3:a:progress:sitefinity:10.2.6602
- cpe:2.3:a:progress:sitefinity:10.2.6603
- cpe:2.3:a:progress:sitefinity:10.2.6604
- cpe:2.3:a:progress:sitefinity:10.2.6636
- cpe:2.3:a:progress:sitefinity:10.2.6641
- cpe:2.3:a:progress:sitefinity:10.2.6647
- cpe:2.3:a:progress:sitefinity:11.0
- cpe:2.3:a:progress:sitefinity:11.0.6700
- cpe:2.3:a:progress:sitefinity:11.0.6701
- cpe:2.3:a:progress:sitefinity:11.0.6702
- cpe:2.3:a:progress:sitefinity:11.0.6728
- cpe:2.3:a:progress:sitefinity:11.0.6729
- cpe:2.3:a:progress:sitefinity:11.0.6730
- cpe:2.3:a:progress:sitefinity:11.0.6732
- cpe:2.3:a:progress:sitefinity:11.0.6733
- cpe:2.3:a:progress:sitefinity:11.1
- cpe:2.3:a:progress:sitefinity:11.1.6800
- cpe:2.3:a:progress:sitefinity:11.1.6821
- cpe:2.3:a:progress:sitefinity:11.1.6822
- cpe:2.3:a:progress:sitefinity:11.1.6823
- cpe:2.3:a:progress:sitefinity:11.1.6824
- cpe:2.3:a:progress:sitefinity:11.1.6825
- cpe:2.3:a:progress:sitefinity:11.2
- cpe:2.3:a:progress:sitefinity:11.2.6900
- cpe:2.3:a:progress:sitefinity:11.2.6921
- cpe:2.3:a:progress:sitefinity:11.2.6922
- cpe:2.3:a:progress:sitefinity:11.2.6923
- cpe:2.3:a:progress:sitefinity:11.2.6924
- cpe:2.3:a:progress:sitefinity:11.2.6925
- cpe:2.3:a:progress:sitefinity:11.2.6926
- cpe:2.3:a:progress:sitefinity:11.2.6927
- cpe:2.3:a:progress:sitefinity:11.2.6928
- cpe:2.3:a:progress:sitefinity:7.0
- cpe:2.3:a:progress:sitefinity:7.1
- cpe:2.3:a:progress:sitefinity:7.2
- cpe:2.3:a:progress:sitefinity:7.3
- cpe:2.3:a:progress:sitefinity:8.0
- cpe:2.3:a:progress:sitefinity:8.0.5700
- cpe:2.3:a:progress:sitefinity:8.0.5710
- cpe:2.3:a:progress:sitefinity:8.0.5730
- cpe:2.3:a:progress:sitefinity:8.0.5750
- cpe:2.3:a:progress:sitefinity:8.0.5770
- cpe:2.3:a:progress:sitefinity:8.0.5771
- cpe:2.3:a:progress:sitefinity:8.0.5772
- cpe:2.3:a:progress:sitefinity:8.1
- cpe:2.3:a:progress:sitefinity:8.1.5800
- cpe:2.3:a:progress:sitefinity:8.1.5810
- cpe:2.3:a:progress:sitefinity:8.1.5820
- cpe:2.3:a:progress:sitefinity:8.1.5830
- cpe:2.3:a:progress:sitefinity:8.1.5831
- cpe:2.3:a:progress:sitefinity:8.1.5840
- cpe:2.3:a:progress:sitefinity:8.1.5850
- cpe:2.3:a:progress:sitefinity:8.1.5851
- cpe:2.3:a:progress:sitefinity:8.1.5860
- cpe:2.3:a:progress:sitefinity:8.1.5862
- cpe:2.3:a:progress:sitefinity:8.2
- cpe:2.3:a:progress:sitefinity:8.2.5900
- cpe:2.3:a:progress:sitefinity:8.2.5920
- cpe:2.3:a:progress:sitefinity:8.2.5921
- cpe:2.3:a:progress:sitefinity:8.2.5940
- cpe:2.3:a:progress:sitefinity:8.2.5960
- cpe:2.3:a:progress:sitefinity:8.2.5961
- cpe:2.3:a:progress:sitefinity:8.2.5970
- cpe:2.3:a:progress:sitefinity:8.2.5971
- cpe:2.3:a:progress:sitefinity:8.2.5972
- cpe:2.3:a:progress:sitefinity:9.0
- cpe:2.3:a:progress:sitefinity:9.0.6000
- cpe:2.3:a:progress:sitefinity:9.0.6010
- cpe:2.3:a:progress:sitefinity:9.0.6020
- cpe:2.3:a:progress:sitefinity:9.0.6030
- cpe:2.3:a:progress:sitefinity:9.0.6040
- cpe:2.3:a:progress:sitefinity:9.0.6050
- cpe:2.3:a:progress:sitefinity:9.0.6051
- cpe:2.3:a:progress:sitefinity:9.0.6060
- cpe:2.3:a:progress:sitefinity:9.0.6062
- cpe:2.3:a:progress:sitefinity:9.1
- cpe:2.3:a:progress:sitefinity:9.1.6100
- cpe:2.3:a:progress:sitefinity:9.1.6110
- cpe:2.3:a:progress:sitefinity:9.1.6150
- cpe:2.3:a:progress:sitefinity:9.1.6160
- cpe:2.3:a:progress:sitefinity:9.1.6170
- cpe:2.3:a:progress:sitefinity:9.1.6171
- cpe:2.3:a:progress:sitefinity:9.1.6180
- cpe:2.3:a:progress:sitefinity:9.1.6181
- cpe:2.3:a:progress:sitefinity:9.1.6182
- cpe:2.3:a:progress:sitefinity:9.2
- cpe:2.3:a:progress:sitefinity:9.2.6200
- cpe:2.3:a:progress:sitefinity:9.2.6210
- cpe:2.3:a:progress:sitefinity:9.2.6220
- cpe:2.3:a:progress:sitefinity:9.2.6230
- cpe:2.3:a:progress:sitefinity:9.2.6250
- cpe:2.3:a:progress:sitefinity:9.2.6260
- cpe:2.3:a:progress:sitefinity:9.2.6261
- cpe:2.3:a:progress:sitefinity:9.2.6270
- cpe:2.3:a:progress:sitefinity:9.2.6271
- cpe:2.3:a:progress:sitefinity:9.2.6272