CVE-2024-1632

Published: Feb 28, 2024Modified: Dec 16, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.

Affected (3)

Products: Progress: Sitefinity

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Progress Sitefinity	Before 13.3.7649
Progress Sitefinity	From 14.0 to 14.4.8135
Progress Sitefinity	From 15.0.8200 to 15.0.8227

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024

Source: security@progress.com

Vendor Advisory

https://www.progress.com/sitefinity-cms

Source: security@progress.com

Product

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.progress.com/sitefinity-cms

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.