4 matches found
CVE-2017-18179
Progress Sitefinity 9.1 uses wrapaccesstoken as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1...
CVE-2017-18179
Progress Sitefinity 9.1 uses wrapaccesstoken as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1...
CVE-2017-18179
Progress Sitefinity 9.1 contains a vulnerability where wrap_access_token is a non‑expiring authentication token that remains valid after a password change or session termination and is transmitted as a GET parameter. This could enable token exposure and unauthorized access. The issue is fixed in ...
CVE-2017-18179
Progress Sitefinity 9.1 uses wrapaccesstoken as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1...