Skip to main content

Sitefinity CVE-2024-11627

MEDIUM
Insufficient Session Expiration (CWE-613)
2025-01-07 security@progress.com
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:02 vuln.today
CVE Published
Jan 07, 2025 - 08:15 nvd
MEDIUM 6.8

DescriptionCVE.org

: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.

AnalysisAI

: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-613. : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. Affected products include: Progress Sitefinity. Version information: through 14.4.8142.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-17055 HIGH POC
7.5 Sep 28

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. Ra

CVE-2026-7312 CRITICAL
10.0 Jun 02

Credential disclosure in Progress Sitefinity 14.0.7700-15.4.8630 allows remote unauthenticated attackers to retrieve pla

CVE-2026-7198 CRITICAL
9.8 Jun 02

Unauthenticated access control bypass in Progress Sitefinity 15.4.8623 (fixed in 15.4.8630) enables remote attackers to

CVE-2023-29375 CRITICAL
9.8 Apr 10

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2

CVE-2019-17392 CRITICAL
9.8 Nov 26

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is

CVE-2026-7195 HIGH
8.8 Jun 02

Account compromise in Progress Sitefinity CMS (14.1.x-15.4.x prior to the May 2026 fix train) allows a remote unauthenti

CVE-2026-7201 HIGH
8.8 Jun 02

Authenticated account takeover in Progress Sitefinity 15.2.x, 15.3.x, and 15.4.x allows a low-privileged remote user to

CVE-2026-7313 HIGH
8.7 Jun 02

Credential exposure in Progress Sitefinity versions 8.0.5700 through 13.3.7652 allows authenticated back-end users to re

CVE-2024-1632 MEDIUM
6.5 Feb 28

Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrati

CVE-2019-7215 MEDIUM
6.5 Jun 06

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. Rated medium severity (CVSS 6.5), this v

CVE-2024-1636 MEDIUM
5.4 Feb 28

Potential Cross-Site Scripting (XSS) in the page editing area. Rated medium severity (CVSS 5.4), this vulnerability is r

CVE-2023-29376 MEDIUM
5.4 Apr 10

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2

Share

CVE-2024-11627 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy