CVE-2019-7215 is a vulnerability in Progress Sitefinity
Published on June 6, 2019
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed.
Products Associated with CVE-2019-7215
Want to know whenever a new CVE is published for Progress Sitefinity? stack.watch will email you.
Exploit Probability
EPSS
0.01%
Percentile
0.56%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.