Lucene search
ProgressSoftwareCVELIST:CVE-2024-1632HistoryFeb 28, 2024 - 12:04 p.m.
CVE-2024-1632 Incorrect access control in the Sitefinity backend
2024-02-2812:04:45
CWE-284
ProgressSoftware
www.cve.org
cve-2024-1632
incorrect access control
low-privileged users
sensitive information
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site’s administrative area.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Sitefinity",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "13.3.7649",
"status": "affected",
"version": "13.3.7600",
"versionType": "semver"
},
{
"lessThan": "14.4.8135",
"status": "affected",
"version": "14.4.8100",
"versionType": "semver"
},
{
"lessThan": "15.0.8227",
"status": "affected",
"version": "15.0.8200",
"versionType": "semver"
}
]
}
]Related
nvd
nvd
CVE-2024-1632
2024-02-28 12:15:46
cve
cve
CVE-2024-1632
2024-02-28 12:15:46
prion
prion
Information disclosure
2024-02-28 12:15:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Related for CVELIST:CVE-2024-1632