CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity versions from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used to connect to the Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight, a non-default site configuration and valid back-end authorization.
| Vendor | Product | Versions |
|---|---|---|
| progress | sitefinity | 8.0.5700 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| progress | sitefinity | cert_advisory | 90% |
Updated affected versions to include 13.3.7651, added CWE-522, and noted no exploit is available.
Initial creation