Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.
2018-01-08T19:29:00.953
2024-11-21T03:15:24.227
Modified
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | progress | sitefinity | 5.1 | Yes |
| Application | progress | sitefinity | 5.2 | Yes |
| Application | progress | sitefinity | 5.3 | Yes |
| Application | progress | sitefinity | 5.4 | Yes |
| Application | progress | sitefinity | 6.0 | Yes |
| Application | progress | sitefinity | 6.1 | Yes |
| Application | progress | sitefinity | 6.2 | Yes |
| Application | progress | sitefinity | 6.3 | Yes |
| Application | progress | sitefinity | 7.0 | Yes |
| Application | progress | sitefinity | 7.1 | Yes |
| Application | progress | sitefinity | 7.2 | Yes |
| Application | progress | sitefinity | 7.3 | Yes |
| Application | progress | sitefinity | 8.0 | Yes |
| Application | progress | sitefinity | 8.1 | Yes |
| Application | progress | sitefinity | 8.2 | Yes |
| Application | progress | sitefinity | 9.0 | Yes |
| Application | progress | sitefinity | 9.1 | Yes |
| Application | progress | sitefinity | 9.2 | Yes |
| Application | progress | sitefinity | 10.0 | Yes |
| Application | progress | sitefinity | 10.1 | Yes |