Feedback
 
Did this article resolve your question/issue?

   

Your feedback is appreciated.

Please tell us how we can make this article more useful. Please provide us a way to contact you, should we need clarification on the feedback provided or if you need further assistance.

Characters Remaining: 1025

 


Article

Security Advisory For Resolving Security Vulnerabilities, May 2019

« Go Back

Information

 
Article Number000095693
EnvironmentProduct: Sitefinity
Version: 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, 11.x, 12.x
OS: All supported OS versions
Database: All supported database server versions
Question/Problem Description

A set of potential security vulnerabilities have been identified in Progress Sitefinity CMS. Below you will find information on each vulnerability and list of bugfix rollup patches available per version. If you have questions, please contact Progress Technical Support.     

  • ECommerce PayPal vulnerability 

  • Authentication cookie invalidation  

  • CSRF in WCF services in classic backend UI 

Steps to Reproduce
Clarifying Information
Error Message
Defect/Enhancement Number
Cause
Resolution

For optimal security, we recommend an upgrade to the latest Progress Sitefinity CMS release. 

Remedy is also available for older Progress Sitefinity CMS versions listed below: 

 

Sitefinity Version 

Patch Version 

Ecommerce PayPal vulnerability 

Authentication cookie invalidation 

CSRF in WCF services in classic backend UI 

11.2 

 11.2.6929 

 Fixed 

 Fixed 

 Fixed 

11.1 

 11.1.6826 

 Fixed 

 Fixed 

 Fixed 

11.0 

 11.0.6736 

 Fixed 

 Fixed 

 Fixed 

10.2 

 10.2.6649 

 Fixed 

 Fixed 

 N/A 

10.1 

 10.1.6540 

 Fixed 

 Fixed 

 N/A 

10.0 

 10.0.6429 

 Fixed 

 Fixed 

 N/A 

9.2 

 9.2.6274 

 Fixed 

 Fixed 

 N/A 

9.1 

 9.1.6183 

 Fixed 

 Fixed 

 N/A 

9.0 

 9.0.6063 

 Fixed 

 Fixed 

 N/A 

8.2 

 8.2.5973 

 Fixed 

 Fixed 

 N/A 

8.1 

 8.1.5863 

 Fixed 

 Fixed 

 N/A 

8.0 

 8.0.5773 

 Fixed 

 Fixed 

 N/A 

7.3 

 7.3.5693 

 Fixed 

 Fixed 

 N/A 

7.2 

 7.2.5353 

 Fixed 

 Fixed 

 N/A 

7.1 

 7.1.5243  

 Fixed 

 Fixed 

 N/A 

7.0 

 7.0.5143 

 Fixed 

 Fixed 

 N/A 

 

Workaround
Notes
For more information on how to apply the patch, refer to 
Progress Knowledge Base Article 000076924, How to update Sitefinity to hotfix, internal build or a patch
Attachment 
Last Modified Date7/29/2019 10:06 AM