Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sitefinity | Progress | 5.1 (including) | 5.1 (including) |
| Sitefinity | Progress | 5.2 (including) | 5.2 (including) |
| Sitefinity | Progress | 5.3 (including) | 5.3 (including) |
| Sitefinity | Progress | 5.4 (including) | 5.4 (including) |
| Sitefinity | Progress | 6.0 (including) | 6.0 (including) |
| Sitefinity | Progress | 6.1 (including) | 6.1 (including) |
| Sitefinity | Progress | 6.2 (including) | 6.2 (including) |
| Sitefinity | Progress | 6.3 (including) | 6.3 (including) |
| Sitefinity | Progress | 7.0 (including) | 7.0 (including) |
| Sitefinity | Progress | 7.1 (including) | 7.1 (including) |
| Sitefinity | Progress | 7.2 (including) | 7.2 (including) |
| Sitefinity | Progress | 7.3 (including) | 7.3 (including) |
| Sitefinity | Progress | 8.0 (including) | 8.0 (including) |
| Sitefinity | Progress | 8.1 (including) | 8.1 (including) |
| Sitefinity | Progress | 8.2 (including) | 8.2 (including) |
| Sitefinity | Progress | 9.0 (including) | 9.0 (including) |
| Sitefinity | Progress | 9.1 (including) | 9.1 (including) |
| Sitefinity | Progress | 9.2 (including) | 9.2 (including) |
| Sitefinity | Progress | 10.0 (including) | 10.0 (including) |
| Sitefinity | Progress | 10.1 (including) | 10.1 (including) |