6.5
CVE-2019-7215
- EPSS 0.01%
- Published 06.06.2019 17:29:00
- Last modified 21.11.2024 04:47:45
- Source cve@mitre.org
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed.
Data provided by the National Vulnerability Database (NVD)
Progress ≫ Sitefinity Version >= 7.0 < 7.0.5143
Progress ≫ Sitefinity Version >= 7.1 < 7.1.5243
Progress ≫ Sitefinity Version >= 7.2 < 7.2.5353
Progress ≫ Sitefinity Version >= 7.3 < 7.3.5693
Progress ≫ Sitefinity Version >= 8.0 < 8.0.5773
Progress ≫ Sitefinity Version >= 8.1 < 8.1.5863
Progress ≫ Sitefinity Version >= 8.2 < 8.2.5973
Progress ≫ Sitefinity Version >= 9.0 < 9.0.6063
Progress ≫ Sitefinity Version >= 9.1 < 9.1.6183
Progress ≫ Sitefinity Version >= 9.2 < 9.2.6274
Progress ≫ Sitefinity Version >= 10.0 < 10.0.6429
Progress ≫ Sitefinity Version >= 10.1 <= 10.1.6540
Progress ≫ Sitefinity Version >= 10.2 < 10.2.6649
Progress ≫ Sitefinity Version >= 11.0 < 11.0.6736
Progress ≫ Sitefinity Version >= 11.1 < 11.1.6826
Progress ≫ Sitefinity Version >= 11.2 < 11.2.6929
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.01% | 0.003 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 3.9 | 2.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
nvd@nist.gov | 6.4 | 10 | 4.9 | AV:N/AC:L/Au:N/C:P/I:P/A:N |
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."