Low-Privileged Users May Access Sensitive Information from Sitefinity's Administrative Area
CVE-2024-1632

6.5MEDIUM

Key Information:

Vendor
Progress Software
Status
Sitefinity
Vendor
CVE Published:
28 February 2024

Summary

Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.

Affected Version(s)

Sitefinity 13.3.7600

Sitefinity 13.3.7600 < 13.3.7649

Sitefinity 14.4.8100 < 14.4.8135

References

https://www.progress.com/sitefinity-cms
product
https://community.progress.com/s/article/Sitefinity-Secur...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.