Sitefinity Security Advisory

We have been notified that Sitefinity has issued an advisory and a software patch for a security vulnerability in their platform. We recommend applying the patch as soon as possible. For more information about the vulnerability, please see the advisory and link below from Progress.

Progress Sitefinity Security Advisory for cryptographic vulnerability CVE-2017-15883

Environment
Product: Sitefinity
Version: 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, 10.x
OS: All supported OS versions
Database: All supported database server versions

Question/Problem Description
A security vulnerability was identified in Sitefinity CMS.
Vulnerability type: Weak cryptography in Sitefinity http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15883
Vulnerability impact: An exploit may lead to:

  • denial of service on load balanced sites
  • elevation of backend user privileges on all sites

Areas affected by the vulnerability:
Only temporary (data in transit) messages may be affected.
NOTE: No persistent data (data at rest) is affected. Encrypted/Hashed data stored in the site is not affected.

Sitefinity has investigated and addressed the issue. Please visit the Progress site to learn more about the fix: https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883

If you would like CTComp to assist, please email service@ctcomp.com to generate a service ticket so that the work can be planned and implemented. Time to assist will be billable as needed. Any work outside of the hours of 8:30AM – 5:00PM Monday through Friday, if preferred, will be charged at time and a half.