Weak Password Recovery Mechanism in Progress Sitefinity
CVE-2019-17392

9.8CRITICAL

Key Information:

Vendor: Progress
Status: Sitefinity
Vendor: CVE Published:; 26 November 2019

Summary

Progress Sitefinity version 12.1 is susceptible to a weakness in its password recovery method. This vulnerability arises from improper handling of the HTTP Host header, making it easier for unauthorized users to exploit the system. It's crucial for users to be aware of this security issue to protect sensitive information.

References

https://knowledgebase.progress.com/articles/Article/Secur...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 26, 2019
Vulnerability Reserved
Oct 9, 2019