CVE-2019-7215

Severity: Unknown | EPSS: 0.93%

CVE-2019-7215 is a vulnerability of currently unknown severity. Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. EPSS estimates a 0.93% chance of exploitation in the next 30 days.

Description

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed.

Metrics

EPSS Probability: 0.93% (55.9th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor    Product     Versions
Progress  Sitefinity  >= 7.0, < 7.0.5143
Progress  Sitefinity  >= 7.1, < 7.1.5243
Progress  Sitefinity  >= 7.2, < 7.2.5353
Progress  Sitefinity  >= 7.3, < 7.3.5693
Progress  Sitefinity  >= 8.0, < 8.0.5773
Progress  Sitefinity  >= 8.1, < 8.1.5863
Progress  Sitefinity  >= 8.2, < 8.2.5973
Progress  Sitefinity  >= 9.0, < 9.0.6063
Progress  Sitefinity  >= 9.1, < 9.1.6183
Progress  Sitefinity  >= 9.2, < 9.2.6274
Progress  Sitefinity  >= 10.0, < 10.0.6429
Progress  Sitefinity  >= 10.1, <= 10.1.6540
Progress  Sitefinity  >= 10.2, < 10.2.6649
Progress  Sitefinity  >= 11.0, < 11.0.6736
Progress  Sitefinity  >= 11.1, < 11.1.6826
Progress  Sitefinity  >= 11.2, < 11.2.6929

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2019-7215?
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed.
How severe is CVE-2019-7215?
Severity scoring for CVE-2019-7215 is pending analysis. The EPSS model estimates a 0.93% probability of exploitation in the next 30 days.
How do I fix CVE-2019-7215?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.


Source: NVD / NIST