CVE-2024-11627 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-11627

CWE

https://cwe.mitre.org/data/definitions/613.html

: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Sitefinity	Progress	4.0 (including)	14.4.8143 (excluding)
Sitefinity	Progress	15.0.8200 (including)	15.0.8230 (excluding)
Sitefinity	Progress	15.1.8300 (including)	15.1.8328 (excluding)
Sitefinity	Progress	15.2.8400 (including)	15.2.8422 (excluding)

Potential Mitigations

References

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025
https://www.progress.com/sitefinity-cms