CVE-2019-17392

Published: Nov 26, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.

Affected (10)

Products: Progress: Sitefinity

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Progress Sitefinity	From 10.0 to 10.0.6431
Progress Sitefinity	From 10.1 to 10.1.6542
Progress Sitefinity	From 10.2 to 10.2.6651
Progress Sitefinity	From 11.0 to 11.0.6739
Progress Sitefinity	From 11.1 to 11.1.6828
Progress Sitefinity	From 11.2 to 11.2.6934
Progress Sitefinity	From 12.0 to 12.0.7032
Progress Sitefinity	From 12.1 to 12.1.7128
Progress Sitefinity	From 9.1 to 9.1.6185
Progress Sitefinity	From 9.2 to 9.2.6276

Related CWEs

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (2)

https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-November-2019

Source: cve@mitre.org

Vendor Advisory

https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-November-2019

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.