CVE-2019-7215
Summary
| CVE | CVE-2019-7215 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-06-06 17:29:00 UTC |
| Updated | 2023-11-07 03:13:00 UTC |
| Description | Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed. |
Risk And Classification
Problem Types: CWE-613
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Progress | Sitefinity | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Progress KB - Home | | knowledgebase.progress.com | |
| Progress KB - Home | MISC | knowledgebase.progress.com | Vendor Advisory |
| Progress KB - Security Advisory For Resolving Security Vulnerabilities, May 2019 | CONFIRM | knowledgebase.progress.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.