Sitefinity Security Advisory

We have been notified that Sitefinity has issued an advisory and a software patch for a security vulnerability in their platform.  We recommend applying the patch as soon as possible. For more information about the vulnerability, please see the advisory and link below from Progress.

Progress SitefinitySitefinity Security Advisory for cryptographic vulnerability CVE-2017-15883

Product: Sitefinity
Version: 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, 10.x
OS: All supported OS versions
Database: All supported database server versions

Question/Problem Description
A security vulnerability was identified in Sitefinity CMS.
Vulnerability type: Weak cryptography in Sitefinity
Vulnerability impact: An exploit may lead to:

  • denial of service on load balanced sites
  • elevation of backend user privileges on all sites

Areas affected by the vulnerability:
Only temporary (data in transit) messages may be affected.
NOTE: No persistent data (data at rest) is affected. Encrypted/Hashed data stored in the site is not affected.

Sitefinity has investigated and addressed the issue. Please visit Progress site to learn more about the fix.

If you would like CTComp to assist, please email to generate a service ticket in order to plan and implement. Time to assist will be billable as needed. Any work outside of the hours of 8:30AM – 5:00PM Monday through Friday, if preferred, will be charged at time and half.