Vulnerability Details CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2019-17392
-
cpe:2.3:a:progress:sitefinity:10.0
-
cpe:2.3:a:progress:sitefinity:10.0.6412.0
-
cpe:2.3:a:progress:sitefinity:10.0.6429
-
cpe:2.3:a:progress:sitefinity:10.1
-
cpe:2.3:a:progress:sitefinity:10.1.6540
-
cpe:2.3:a:progress:sitefinity:10.2
-
cpe:2.3:a:progress:sitefinity:10.2.6649
-
cpe:2.3:a:progress:sitefinity:10.2.6651
-
cpe:2.3:a:progress:sitefinity:11.0
-
cpe:2.3:a:progress:sitefinity:11.0.6736
-
cpe:2.3:a:progress:sitefinity:11.0.6739
-
cpe:2.3:a:progress:sitefinity:11.1
-
cpe:2.3:a:progress:sitefinity:11.1.6826
-
cpe:2.3:a:progress:sitefinity:11.1.6828
-
cpe:2.3:a:progress:sitefinity:11.2
-
cpe:2.3:a:progress:sitefinity:11.2.6929
-
cpe:2.3:a:progress:sitefinity:11.2.6934
-
cpe:2.3:a:progress:sitefinity:12.0.7032
-
cpe:2.3:a:progress:sitefinity:12.1.7128
-
cpe:2.3:a:progress:sitefinity:9.1
-
cpe:2.3:a:progress:sitefinity:9.1.6180
-
cpe:2.3:a:progress:sitefinity:9.1.6183
-
cpe:2.3:a:progress:sitefinity:9.2
-
cpe:2.3:a:progress:sitefinity:9.2.6274