{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-06T16:04:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://knowledgebase.progress.com/#sort=relevancy&f:%40objecttypelabel=%5BProduct%20Alert%5D"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-For-Resolving-Security-Vulnerabilities-May-2019"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7215", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://knowledgebase.progress.com/#sort=relevancy&f:@objecttypelabel=[Product%20Alert]", "refsource": "MISC", "url": "https://knowledgebase.progress.com/#sort=relevancy&f:@objecttypelabel=[Product%20Alert]"}, {"name": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-For-Resolving-Security-Vulnerabilities-May-2019", "refsource": "CONFIRM", "url": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-For-Resolving-Security-Vulnerabilities-May-2019"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:46:44.695Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://knowledgebase.progress.com/#sort=relevancy&f:%40objecttypelabel=%5BProduct%20Alert%5D"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-For-Resolving-Security-Vulnerabilities-May-2019"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7215", "datePublished": "2019-06-06T16:04:00", "dateReserved": "2019-01-29T00:00:00", "dateUpdated": "2024-08-04T20:46:44.695Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "277BD71B-6CE3-435B-8BA8-3F1EBB02E76C", "versionEndExcluding": "7.0.5143", "versionStartIncluding": "7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "24A8ADA8-5742-4141-940A-B7ED1AF319F8", "versionEndExcluding": "7.1.5243", "versionStartIncluding": "7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "422E03B1-714E-4F25-8CE9-48682C867DA1", "versionEndExcluding": "7.2.5353", "versionStartIncluding": "7.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8E20A20-7522-4DA7-AB34-0C6DC8FC74CA", "versionEndExcluding": "7.3.5693", "versionStartIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4700637-9C9E-4F5A-9844-BF2F3303102A", "versionEndExcluding": "8.0.5773", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "D756D511-7699-4951-8456-DDF43B2592A4", "versionEndExcluding": "8.1.5863", "versionStartIncluding": "8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "030764BB-4532-4AD0-AE89-8AD06C07AE0E", "versionEndExcluding": "8.2.5973", "versionStartIncluding": "8.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "594F2749-3088-46A7-BBE6-6A490722D059", "versionEndExcluding": "9.0.6063", "versionStartIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A9A4720-84A1-4CF1-96F6-F7DDE3031599", "versionEndExcluding": "9.1.6183", "versionStartIncluding": "9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D871475-D354-439A-BFD1-3238F68FC2AA", "versionEndExcluding": "9.2.6274", "versionStartIncluding": "9.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE8C4C3B-C0E5-44FE-AAA9-B0C0C930DB6A", "versionEndExcluding": "10.0.6429", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCC9A73D-572F-41B1-9830-C069FBA63DA7", "versionEndIncluding": "10.1.6540", "versionStartIncluding": "10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D640141-AD94-4FBE-9655-0DBEB5F7E485", "versionEndExcluding": "10.2.6649", "versionStartIncluding": "10.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "E43A58F8-5134-43E0-81DA-F38956671F3B", "versionEndExcluding": "11.0.6736", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DCABE1C-030E-4097-99BA-A7D40039C497", "versionEndExcluding": "11.1.6826", "versionStartIncluding": "11.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*", "matchCriteriaId": "65D928E7-F706-4101-899F-DCA0BF1FC459", "versionEndExcluding": "11.2.6929", "versionStartIncluding": "11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed."}, {"lang": "es", "value": "Progress Sitefinity 10.1.6536 no invalida las cookies de sesi\u00f3n al cerrar la sesi\u00f3n. En su lugar, intenta sobrescribir la cookie en el navegador, pero sigue siendo v\u00e1lida en el lado del servidor. Esto significa que la cookie se puede reutilizar para mantener el acceso a la cuenta, incluso si se cambian las credenciales y los permisos de la cuenta."}], "id": "CVE-2019-7215", "lastModified": "2024-11-21T04:47:45.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-06T17:29:00.383", "references": [{"source": "cve@mitre.org", "url": "https://knowledgebase.progress.com/#sort=relevancy&f:%40objecttypelabel=%5BProduct%20Alert%5D"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-For-Resolving-Security-Vulnerabilities-May-2019"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://knowledgebase.progress.com/#sort=relevancy&f:%40objecttypelabel=%5BProduct%20Alert%5D"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://knowledgebase.progress.com/articles/Article/Security-Advisory-For-Resolving-Security-Vulnerabilities-May-2019"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}