9.8

CVE-2017-15883

Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.

Data is provided by the National Vulnerability Database (NVD)
ProgressSitefinity Version5.1
ProgressSitefinity Version5.2
ProgressSitefinity Version5.3
ProgressSitefinity Version5.4
ProgressSitefinity Version6.0
ProgressSitefinity Version6.1
ProgressSitefinity Version6.2
ProgressSitefinity Version6.3
ProgressSitefinity Version7.0
ProgressSitefinity Version7.1
ProgressSitefinity Version7.2
ProgressSitefinity Version7.3
ProgressSitefinity Version8.0
ProgressSitefinity Version8.1
ProgressSitefinity Version8.2
ProgressSitefinity Version9.0
ProgressSitefinity Version9.1
ProgressSitefinity Version9.2
ProgressSitefinity Version10.0
ProgressSitefinity Version10.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.14% 0.348
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.