CVE-2019-17392
CRITICALCVSS 9.8/10EPSS 1.09%
Last modified
CVE-2019-17392 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.. EPSS estimates a 1.09% chance of exploitation in the next 30 days.
Description
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Progress | Sitefinity | >= 9.1, < 9.1.6185 |
| Progress | Sitefinity | >= 9.2, < 9.2.6276 |
| Progress | Sitefinity | >= 10.0, < 10.0.6431 |
| Progress | Sitefinity | >= 10.1, < 10.1.6542 |
| Progress | Sitefinity | >= 10.2, <= 10.2.6651 |
| Progress | Sitefinity | >= 11.0, <= 11.0.6739 |
| Progress | Sitefinity | >= 11.1, <= 11.1.6828 |
| Progress | Sitefinity | >= 11.2, <= 11.2.6934 |
| Progress | Sitefinity | >= 12.0, <= 12.0.7032 |
| Progress | Sitefinity | >= 12.1, <= 12.1.7128 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-17392?
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
How severe is CVE-2019-17392?
CVE-2019-17392 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.09% probability of exploitation in the next 30 days.
How do I fix CVE-2019-17392?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2019-17392?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST